It’s not just the conspiracy theorists who lie awake at night thinking about the risks posed to the United States and other developed countries by any number of nefarious entities planning to disrupt our infrastructure and economies. In fact, for a number of years, cybersecurity has been a top priority voiced by utility professionals in annual surveys about the industry. The government is concerned too. It was concerned enough to issue Executive Order 13800 on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” which mandated an assessment of the country’s electricity disruption incident response capabilities.
The U.S. DOE recently issued a report detailing findings and recommendations from a comprehensive joint effort by numerous agencies and partners of the Federal Government to explore our cyber-threat preparedness as required by Executive Order 13800. The report can be found here: https://www.energy.gov/sites/prod/files/2018/05/f51/EO13800%20electricity%20subsector%20report.pdf.
DOE’s report suggests several factors that may make cyberthreats more challenging than the more “typical” emergencies system operators have become so adept at handling: (1) cyber-events may involve little or no notice, which would prevent preemptive protective measures, restoration plans and responder activation; (2) unpredictable system responses due to the nature of the impacts or simultaneous component failure; (3) additional time required for system diagnostics, again due to the unpredictability of events; and (4) the lack of available expertise in cybersecurity.
The report discusses plans that will advance national preparedness and augment the United States’ ability to respond to a power outage resulting from a significant cyber incident, including National Cyber Incident Response and United States Cyber Incident Coordination plans. Areas requiring ongoing attention include information sharing, incident response skill enhancement, training and the conduct of exercises. The assessment identifies gaps in capabilities relating to cyber incident response capacity, developing high-priority plans, augmenting scarce and critical resources, and understanding and characterizing response efforts to catastrophic incidents.