Since a 2013 rifle attack on a critical electric power substation in California, the U.S. electric power sector has generally moved toward greater physical security for critical assets, according to a report published by the Congressional Research Service. But the report says bulk power security "remains a work in progress," and suggests further investment -- and policy reforms -- may follow.
The report published on March 19, 2018 -- NERC Standards for Bulk Power Physical Security: Is the Grid More Secure? -- begins with the premise that securing the electric power grid is among the nation's highest priorities for critical infrastructure protection. It notes that a 2013 rifle attack on an electric transmission substation in California which caused widespread power outages also broadened policy attention from cybersecurity to
encompass the
physical security
of assets critical to the power grid.
In response, Congress enacted legislation to strengthen power grid physical security and to facilitate its recovery from disruption. Section 1104 of the Fixing America’s Surface Transportation (FAST) Act contains provisions to protect or restore the reliability of critical electric infrastructure or defense of critical electric infrastructure during a grid security emergency. The Federal Energy Regulatory Commission (FERC) and the nation's electric reliability organization NERC also took action to develop new reliability standards for the physical security of bulk power critical infrastructure.
But physical security risks may persist. The report references a September 2016 rifle attack on a Garkane Energy Cooperative transformer substation in Utah as illustrating this persistence. The report notes that while it is probably accurate to conclude that the grid is more physically secure than it was in 2013, "it has not necessarily reached the level of physical security needed based on the sector's own assessments of risk.
The report notes Congress's continued concern about the physical security of the electric grid. It identifies possible areas for further policy focus as including "security implementation oversight, cost recovery, hardening vs. resilience, and the
quality of threat information."
Meanwhile, cybersecurity has remained a priority. An October 2017 FERC report describing the results of its audits of regulated companies' cybersecurity protection processes and procedures noted that most met the applicable mandatory standards. But earlier this month, NERC fined an anonymous utility $2.7 million for alleged violations of reliability standards in connection with a data security breach, and the U.S. Department of Homeland Security issued warnings about Russian hackers targeting computer systems controlling energy and other critical infrastructure.
Interest in shoring up the security of energy infrastructure and systems -- both from physical attacks as well as cyber threats -- appears poised to drive continued discussions, regulation, and investment.
No comments:
Post a Comment