Dreamstime L 120781089 5ea6c9cbb9f9a

Utility Commissioners Briefed on Pillars to Boost Critical Infrastructure Security

April 27, 2020
State utility commissions can strengthen the cybersecurity of U.S. critical infrastructure by advancing relevant recommendations of the Cyberspace Solarium Commission report.

State utility commissions can strengthen the cybersecurity of U.S. critical infrastructure — particularly the electric grid — by advancing several relevant recommendations of the Cyberspace Solarium Commission report released last month, utility commissioners were told in a webinar recently.

Two of the Solarium Commission's members — Southern Co. Chairman, CEO, and President Tom Fanning, and former National Security Agency Deputy Director Chris Inglis — briefed utility commissioners on the report's key pillars during the webinar. The event was co-sponsored by the National Association of Regulatory Utility Commissioners (NARUC) and the not-for-profit Protect Our Power (POP) organization.

"Every aspect of society — from critical infrastructure, banking, education, and healthcare — relies on safe, reliable utility services and communications networks. The layered cyber deterrence approach outlined in the Cyberspace Solarium Commission's report may serve as a practical roadmap to protect our critical infrastructure," said NARUC President Brandon Presley of the Mississippi Public Service Commission. "I am pleased that our association is able to work collaboratively with POP to share this important information with our regulators and the broader utility community."

The Cyberspace Solarium Commission was established by Congress to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences." The finished report, consisting of more than 80 recommendations organized into six key pillars, was presented to the public on March 11. The full report is available at https://www.solarium.gov.

"The battles of the future will be fought on our nation's energy infrastructure, telecommunication networks, and financial systems," said Fanning. "The Cyberspace Solarium Commission was created to reimagine military doctrine for this new digital reality. Fully 87% of the critical infrastructure in the United States is owned by private industry, making the collaboration between the private sector and government in protecting our American way of life that much more vital."

Fanning also co-chairs the Electric Sector Coordinating Council (ESCC), which serves as the principal liaison between the federal government and the electric power industry, with the mission of coordinating efforts to prepare for, and respond to, national-level disasters or threats to critical infrastructure.

POP Senior Advisor Richard Mroz, former president of the New Jersey Board of Public Utilities and former chairman of NARUC's Critical Infrastructure Committee, moderated the webinar.

"It is vital that we protect our electric grid that supports all of our critical infrastructure in the United States. POP is pleased we could join NARUC in convening this important event to highlight the work of the Solarium Commission and its importance to state officials," Mroz said.

The six key pillars of the Solarium Commission report are:

  1. Reform the U.S. government's structure and organization for cyberspace.
  2. Strengthen norms and non-military tools.
  3. Promote national resilience.
  4. Reshape the cyber ecosystem.
  5. Operationalize cybersecurity collaboration with the private sector.
  6. Preserve and employ the military instrument of national power.

Two recommendations on pages 4 and 5 of the report make clear the critical need for a more resilient electric grid by calling for actions to protect "critical functions" that are dependent upon a reliable power supply:

  1. Congress should direct the U.S. government to develop and maintain continuity of the economy planning in consultation with the private sector to ensure continuous operation of critical functions of the economy in the event of a significant cyber disruption.
  2. Congress should codify the concept of "systemically important critical infrastructure," whereby entities responsible for systems and assets that underpin national critical functions are ensured of the full support of the U.S. government and shoulder additional security requirements befitting their unique status and importance.

Voice your opinion!

To join the conversation, and become an exclusive member of T&D World, create an account today!