The nation’s top cybersecurity watchdog and industry experts concur: When it comes to protecting the electric grid from cyberthreats, public-private partnerships are vital.
“We can all agree our nation’s security depends on safe, reliable energy infrastructure,” said Jeff Baumgartner, senior adviser at the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). “It is critical that we out-innovate our adversaries.”
Baumgartner addressed an Oct. 1 congressional staff briefing on Capitol Hill organized by NRECA, the American Public Power Association and the Edison Electric Institute to kick off National Cyber Security Awareness Month.
DOE has a multiyear plan for CESER to heighten cybersecurity for grid resilience along with research and development and demonstration of technologies involving the department’s national laboratories, universities and industry, Baumgartner said.
A panel of cybersecurity experts emphasized the importance of the federal government working with utilities and the value of sharing information.
“Collaboration is king to protecting our nation from the variety of threats we now face,” said Ron Keen, a senior adviser at the Department of Homeland Security. “Whatever the threat of tomorrow is, we must begin preparing today, and we must do it together.”
“Cybersecurity is a shared responsibility between industry and government,” said Puesh Kumar, DOE director of preparedness and exercises. “We see this as a public-private partnership.”
Fritz Hertz, director of legislative and regulatory affairs at the North American Electric Reliability Corp. (NERC), noted that only the electricity sector is subject to mandatory cybersecurity standards. NERC’s critical infrastructure protection, or CIP, standards cover generation and transmission cooperatives among other entities that interact with the electric grid.
Ben Waldrep, senior vice president and chief security officer at Duke Power, underscored the importance of tabletop exercises and cyberthreat simulations. Owners and operators of the bulk power system participate in NERC cybersecurity drills dubbed GridEx. To keep up with cybersecurity, utilities and other parties involved with the bulk electric power system “must drill, drill, drill,” he said, and “follow up on tests.”
Public-private partnership efforts in the electric utility industry are strongly supported by the Electricity Subsector Coordinating Council (ESCC). Electric cooperatives are members of the 31-seat ESCC, the principal liaison between the power sector and leaders in the federal government.
CEOs serving on the ESCC include Jim Matheson of NRECA, Duane Highley of Arkansas Electric Cooperative Corp., who is also one of three co-chairs, Greg Ford of Georgia System Operations Corp. and Jay Bartlett of Wabash Valley Power Association. A fifth co-op CEO will be named to the ESCC soon.
Additionally, generation and transmission co-ops participate in the Electricity Information Sharing and Analysis Center (E-ISAC), which is part of NERC. The E-ISAC in its information-sharing role provides further support of the public-private partnerships.
Cathy Cash is a staff writer at NRECA.