Ten years ago, a major cascading outage affected an estimated 50 million people in the northeastern and Midwestern United States as well as the province of Ontario in Canada. The event was a stark and somewhat frightening reminder of the ubiquity of electricity as well as the importance of protecting its continuity. Physical threats and faults to the grid have always been a concern in the industry, but cyber threats have emerged — particularly over the last 10 years — as a new danger. The American Public Power Association (APPA), and the thousands of public power systems it represents, is working hard to improve efficiencies and effectiveness in the areas of both physical and cybersecurity to combat this new danger.
When it comes to utility security, we can’t always count on the cooperation of weather, acts of God or those who want to do harm to our grid. What we can count on is the electric utility industry’s robust mutual aid network, which has been in place for more than 100 years and has been continually strengthened in the wake of major events such as Superstorm Sandy.
Joining Forces to Improve Reliability
APPA has been closely coordinating with the Department of Energy (DOE), the Department of Homeland Security, the Federal Emergency Management Agency (FEMA) and other federal entities so that the effects of future disasters are mitigated as quickly and efficiently as possible. APPA staff has responded to the call to help operate the DOE Emergency Response Center to assist the DOE in its role as FEMA’s Emergency Support Function 12 lead agency. Additionally, APPA has created a Mutual Aid Working Group to formalize a national mutual aid plan for public power utilities. The plan involves coordination with the entire U.S. electric industry as well as strategic Canadian utilities, and it will aim to outline roles and responsibilities for both those requesting aid and those responding to requests.
APPA is also working with the Electricity Sub-Sector Coordinating Council (ESCC), which aims to facilitate and support the coordination of subsector-wide, policy-related activities and initiatives designed to improve the reliability and resilience of the electricity subsector. This includes physical and cybersecurity infrastructure and emergency preparedness of the nation’s electrical grid. The mission of the ESCC is based on the National Infrastructure Advisory Council recommendation to initiate an executive-level dialogue with electric power sector CEOs and other senior executives on the roles and responsibilities of the industry in addressing high-impact infrastructure risks and potential threats, and is consistent with the recent Presidential Policy Directive 21, Critical Infrastructure Security and Resiliency, as well as Executive Order 13636, Improving Critical Infrastructure Cybersecurity.
The ESCC has created a working document called the “Electric Utility Senior Executive Playbook,” which aids in planning and coordinating decision making during a power disruption, or a potential or realized threat against critical energy infrastructure that impacts national security.
Putting the Plan into Action
Aside from the ESCC, APPA and its members participate in eight working groups aimed at carrying out the Presidential Policy Directive 21 and Executive Order 13636. These groups focus on stakeholder engagement; cyber-dependent infrastructure identification; updating the Department of Homeland Security’s National Infrastructure Protection Plan; creating a culture of situational awareness and information exchange; developing compliance incentives; facilitating framework collaboration with the National Institute of Standards and Technology; assessing privacy, civil rights and civil liberties issues; and research and development. APPA staff and member utility personnel are working with all federal agencies and industry to populate these working groups to meet the executive order deadlines.
APPA is also helping our electric utilities comply with the North American Electric Reliability Corp.’s mandatory Critical Infrastructure Protection standards, which are already under their fifth revision. On the legislative side, APPA supports narrowly crafted and targeted legislation to address cybersecurity emergencies. The association believes this can be accomplished without placing an unnecessary burden on the electric utility industry that is duplicative of current processes and may achieve only limited results. APPA also strongly supports enhanced information sharing between the federal government and industry.
As not-for-profit electric utilities owned and operated by the customers we serve, APPA members are keenly aware of the importance of keeping the lights on and of protecting our infrastructure from threats. But we are also aware that new threats can always surface. The actions we are taking today will go a long way toward ensuring that catastrophes like the one 10 years ago do not happen again.
Michael Hyland is senior vice president of engineering services with the American Public Power Association.