Blog

Proactively & Strategically Countering Dynamic Risks to Secure Critical Power & Energy Infrastructures | Technological Leadership Institute

Posted on
January 6, 2016

The recent publication of a timely book, “Lights Out,” by long-time respected journalist Ted Koppel has raised considerable concerns, hope and fears in a wide range of audiences not intimately involved in security in the power and energy sectors. Since its publication, my phone has been ringing off the hook with a whole range of concerns and questions to “sanity check” and to seek the truth: the questions ranging from “How serious a problem is a cyber, geomagnetic storms, weaponized electromagnetic pulse (EMP), or physical attack for our electric infrastructure?” and “Are cyber security threats real?”, all the way to “Are prolonged and total ‘lights out’ scenarios probable or even possible, and could they lead to the end of our civilization?”

Looking Back

For over two-thirds of Americans, the January 2013 State of the Union Address by President Obama, who mentioned a self-healing grid, was probably the first they had ever heard about a power system that could identify and fix its own problems without direct human intervention. But the concept of a self-healing grid goes back over 20 years and by now is well developed. At one point in his address, President Obama aroused excitement and also some confusion regarding a self-healing grid. I wrote about that in a column in March 2013. Since Koppel’s book was published, I have been asked several questions, briefly noted above, concerning the security and reliability of our critical infrastructures. While such concerns and a widening spectrum of threats are not new, they are highlighted and punctuated every time there is major news, and unfortunately forgotten a while later. We tend to be a nation of “fire fighters,” reactive during and post crises, rather than strategic and proactive. Success in managing evolving risks, training a well-prepared work force, and growing our economy will come from taking a greater foresight, with sustained judicious commitment to address challenges that really matter.

Such concerns arise in the aftermath of major tragedies (such as pre Y2K, post 9/11, the 2003 Blackout, responses to major hurricanes such as Charlie, Katrina, and Sandy, collapse of the I-35W bridge, major outages due to increasingly extreme weather conditions…), or in response to major credible assessments, or books such as “Lights Out.” So what is the truth? Is it Black and White, or it more nuanced and complex? My answer, in short, is that the sky is not falling but on the other hand, we are not yet bulletproof. We must also recognize that every utility’s efforts contribute to the quality of life, economic stability and, thus, the security of our nation.

Is Our Infrastructure Safe and Secure?

Over 90 percent of the electric power infrastructure is privately owned, and is subject to oversight by mostly Public Utility Commissions (for low-voltage distribution systems at the local level) and by the Federal Energy Regulatory Commission in the U.S. (for the high-voltage transmission network), with delegated authority to National Electric Reliability Corporation and eight Regional Entities (REs) for mandatory reliability and security standards and compliance in North America. Within this monitoring compliance/enablement framework, the industry has taken a more focused approach to counter cyber and physical threats to the North American bulk power system even more seriously than before. The industry has decades of experience working to protect our shared infrastructure and is constantly evaluating threats and taking steps, in coordination with FERC, Department of Energy and Department of Homeland Security, to protect the system. Cyber and physical security have long been priorities for the industry, NERC, Electric Power Research Institute and the agencies noted. 

Difficult Choices

Developing the tools that increase awareness and education about cyber threats is paramount. Yet it has been an ongoing challenge; educating stakeholders and colleagues in the cyber-physical interdependencies has been difficult, as even distinguished members of the community who understand power systems well routinely minimize persistent, novel threats. Improving the sharing of intelligence, threat information and analysis to develop proactive protection strategies might improve the situation. This will include the development of threat coordination centers at local, regional and national levels. Like any complex, dynamic infrastructure system, the electricity grid has many layers and is vulnerable to many different types of disturbances. While strong, centralized control is essential to reliable operations, this requires multiple technologies that are especially vulnerable when they are needed most: during serious system stresses or power disruptions. As security programs, such as CIP 5, are built and protections put into place, difficult choices will have to be made about how to handle a number of trade-offs – most of which we can accomplish over the next five years, by addressing the following:

Outdated regulatory framework
Split regulatory jurisdiction over the grid is inhibiting investment and modernization efforts. Bulk electric systems are under federal control, but individual states control distribution, metering, and other aspects of the grid. Overlapping, inconsistent roles, and authorities of federal agencies can hinder development of productive, public-private working relationships. A new model for these relationships is required for infrastructure security. Additional regulatory reforms, such as the creation of a stockpiling authority, could obtain long lead-time equipment (such as transformers) based on the power industry’s inventory of critical equipment, which decrease the probability an attack will substantially reduce grid functionality.

Controls and Communication
Protection of power generation, transmission and distribution equipment is insufficient to guarantee delivery of electricity because widespread, coordinated denial of control and communication systems could cause significant disruption to the power grid. This includes SCADA systems, communications between control systems, monitoring systems and business networks. However, the power management control rooms are currently well-protected physically, although they may have cyber vulnerabilities. NERC requires a backup system and there are also manual workarounds in place. The Federal Energy Regulatory Commission (FERC) is working toward a common set of security requirements that will bring all electric sector entities up to at least a minimum level of protection.

Investments in Security
Although hardening some key components—such as power plants and critical substations—is highly desirable, providing comprehensive physical protection for all components is simply not feasible or economical. Dynamic, probabilistic risk assessments have provided strategic guidance on allocating security resources to greatest advantage. However, pathways to cost recovery and making a business case for security investments and upgrades often pose challenges, since the benefits from those investments and upgrades are not always visible.

Security Versus Efficiency
The specter of future multi-hazard threats, including sophisticated terrorist attacks, raises a profound dilemma for the electric power industry, which must make the electricity infrastructure more secure, while being careful not to compromise productivity. Resolving this dilemma will require both short- and long-term technology development and deployment. Supportive public policy to aid cost recovery could greatly incentivize development of new business models and strategies.

Centralization of Control
For several years, there has been a trend toward centralizing control of electric power systems. Regional transmission organizations were introduced in order to greatly increase efficiency and improve customer service. At the same time, terrorists can exploit the weaknesses of centralized control; therefore, a shift towards developing smaller and local semi-autonomous systems would seem to be preferable. In fact, strength and resilience in the face of attack will increasingly require the ability to bridge simultaneous top-down and bottom-up decision-making in real time—fast-acting and totally distributed at the local level, coordinated at the mid-level, and aligned with national objectives.

Wider Grid Integration and Increasing Complexity
System integration helps move power more efficiently over long distances and provides redundancy to ensure reliable service, but it also makes the system more complex and harder to operate. The utility industry will need new approaches to simplify the operation of complex power systems and make them more robust in the face of natural or human-made interruptions. Dependence on Internet communications. Today’s power systems could not operate without tightly knit communications capabilities ranging from high-speed data transfer among control centers to the interpretation of intermittent signals from remote sensors. But due to the vulnerability of Internet-linked communications, protecting the electricity supply system will require new technology to improve the security of power-system command, control and communications, including both hardware and software.

Recommendations to the U.S. Department of Energy

Markets and Policy
-Use the National Institute of Standards and Technology (NIST) Smart Grid Collaboration or the NARUC Smart Grid Collaborative as models to bridge the jurisdictional gap between the federal and the state regulatory organizations on issues such as technology upgrades and system security.

-More transparent, participatory and collaborative discussion among federal and state agencies, transmission and distribution asset owners, regional transmission operators (RTOs) and independent system operators (ISOs) and their members and supporting research is needed to improve these parties’ understanding of mutual impacts, interactions and benefits that may be gained from these efforts.

-Continue working at a federal level on better coordination of electricity and gas markets to mitigate potential new reliability issues due to increasing reliance on gas generation; and update the wholesale market design to reflect the speed at which a generator can increase or decrease the amount of generation needed to complement variable resources.

Asset Management
Support holistic, integrated approach in simultaneously managing fleet of assets to best achieve optimal cost-effective solutions addressing the following:

-Aging infrastructure, Grid hardening (including weather-related events, physical vulnerability, and cyber security) and System reliability.

-Urgently address managing new smart grid assets such as advanced metering infrastructure (AMI) and intelligent electronic devices.

-Encourage utilities to investigate practical measures to shorten times to replace and commission equipment failures due to extreme events or other reasons.

-In the case of long-duration interruptions, all utilities should adopt improved measures to provide customers with a timely estimate of when power is to be restored.

-When extreme events occur it is important for post-event reviews to determine impacts and lessons learned for better management of future events.

-Infrastructure security requires a new model for private sector-government relationships. Overlapping and inconsistent roles and authorities hinder development of productive working     relationships and operational measures.

Perform Critical Spares and Gap Analysis
-A detailed inventory is needed of critical equipment, the number and location of available spares and the level of interchangeability between sites and companies.

-Mechanisms need to be developed for stockpiling long lead-time equipment and for reimbursement to the stockpiling authority, be it private or government. Other approaches
include standardizing equipment to reduce lead times and increase interchangeability.

-U.S. DOE should continue to work with industry to ensure that the protection of spares and all assets is carried out and that transportation of large equipment is feasible.

-Utilities should also continue to work with industry and manufacturers to expand the existing self-healing transformer programs, such as efforts now underway by EPRI and ABB. 

-Increased federal R&D for emerging technologies that may impact T&D grids, including new types of generation, new uses of electricity and energy storage, with an additional focus on deployment and integration of such technologies to improve the reliability, efficiency and management of the grids.

-Application of proactive widespread condition monitoring, integrating condition and operational data, has been shown to provide a benefit to real-time system operations, both in terms of asset use and cost-effective, planned replacement of assets.

Reliability, Security, Privacy, and Resilience
-Facilitate, encourage, or mandate that secure sensing, “defense in depth,” fast reconfiguration and self-healing be built into the infrastructure.

-Mandate consumer data privacy and security for AMI systems to provide protection against personal profiling, real-time remote surveillance, identity theft and home invasions, activity censorship and decisions based on inaccurate data.

-Support alternatives for utilities that wish to reduce or eliminate the use of wireless telecom networks and the public Internet where there might be concerns about increased grid vulnerabilities. These alternatives include the ability for utilities to obtain private spectrum at a reasonable cost.

-Improve sharing of intelligence and threat information and analysis to develop proactive protection strategies, including development of coordinated hierarchical threat coordination centers – at local, regional and national levels. This may require either more security clearances issued to electric sector individuals or treatment of some intelligence and threat information and analysis as sensitive business information, rather than as classified information.

-Speed up the development and enforcement of cyber security standards, compliance requirements and their adoption. Facilitate and encourage design of security from the start and include it in standards.

-Increase investment in the grid and in R&D areas that assure the security of the cyber infrastructure (algorithms, protocols, chip-level and application-level security).

Actions Required to Improve Security and Resilience

POLICY REMAINS THE SINGLE BIGGEST INFLUENCE ON THE BUSINESS CASE

Critical regulatory issues currently being reviewed include how costs and benefits are apportioned to myriad stakeholders, whether a microgrid relies on the distribution system (or transmission system) for backup, whether and how to treat non-utility microgrid sponsors as utilities, and multiple possible business models for utilities offering microgrids.

Metrics, Best Practices, and Roadmaps
Establish metrics on workforce and identify policies that facilitate necessary workforce development activities by the regulated companies. There is a workforce crisis coming that could affect customer services and costs so it is in the public interest that regulators increase their oversight of workforce development.

Select Lead Organization to Facilitate Dialog
Design and hold workforce workshops for NARUC, FERC and NERC that create situational awareness for state and national regulators. The NERC System Operator Certification and Training program should be used as an example of a successful program for regulated training. Initially the focus should be on the workforce whose performance is most directly connected to reliability, such as system operators, linemen, planning engineers, protection engineers/technicians and substation operators. DOE can convene a cross functional group of experts to include industry, government agencies (DOL, DOE, NSF, DHS, and DOD) and regulators for the purpose of reviewing current practices in workforce benchmarking and create metrics to quantify the threat posed to the electric grid's performance by insufficient replacement workers. DOE could seek out opportunities to co-fund industry education and training programs (IEEE examples include Scholarship Plus, WISE, Plain Talk) and fund student and innovation competitions.

Improve Existing Survey and Assessment Tools
In generation, FERC has in the Form-1 a large amount of the material needed to support an assessment of the adequacy of the generation fleet. There are operational and maintenance aspects that are not included in the Form-1. FERC Forms 714 and 715 provide some, but not all of this information and Form 556 provides information on smaller generation facilities. Again, the existing FERC data would not provide a complete survey, but it is a strong starting point to develop survey results from. For sales, forecasts, usage, and other consumption related information the Energy Information Agency (EIA) provides the best starting point.

Survey of the Electrical Infrastructure
-Bring together the industry and end-user stakeholders to look at the existing survey tools, and define the overall needs for an industry wide set of survey tools. This working group should provide a clear requirements document on what needs to be surveyed, and the depth that the survey needs to cover.

-Determine what existing materials can be used to support the survey requirements, minimizing new data collection.

-Provide adequate resources to complete a survey tool set that supports the requirements that were developed by the stakeholder group and uses the data from existing sources.

-Working with an industry working group, define how the survey tool will be used both improving the infrastructure and in any regulatory actions. The tool set will fail, if there is no consensus among the stakeholder groups. A solid survey tool set for both self-assessments will provide a data driven way for the industry to determine where to focus research, standards development, training, staffing, and operational improvements for the industry. With the rapid changes in the environment this will allow the better deployment of scare resources.

Looking where we are, and what is likely to be ahead, I am grateful to several colleagues at the IEEE Smart Grid initiative, Energy Thought Summit (ETS), U.S. DOE, EPRI, EEI, NRECA, Munis, FERC, NARUC, NERC, PUCs, and elsewhere with insightful analyses and feedback from industry leaders. All these measures and more could be facilitated in more transparent, participatory, and collaborative ways. Discussion among government agencies, transmission and distribution asset owners, regional transmission and independent system operators and their members to improve stakeholders’ understanding of mutual interactions, impacts and benefits. Fortunately, most of the same technologies developed to address other system vulnerabilities can improve power system security as well. But the electricity infrastructure will also require power system-specific advanced technology. Assuming individual utilities are already taking prudent steps to improve their physical security, technology can help by increasing the inherent resilience and flexibility of power systems to withstand a wide range of terrorist attacks, physical or cyber, as well as natural disasters and other unforeseen events.

Increased emphasis at the state and federal level are combined with heightened needs for more innovative and better ways, to enable and protect economic growth and secure our nation and the world while preserving individual privacies, our values, and our way of life. So the key question is - Can we build non-intrusive yet high-confidence tools, systems, processes, and laws that increase our security/resilience AND (it is an AND not an “or” option) preserve/extend our civil rights and liberties? Policymakers, industry leaders, and key stakeholders should heed this advice to ensure the security, defense, and resilience of these vital energy and commercial networks.

This article was also published in the December 2015 IEEE Smart Grid newsletter.

About the Author

Photo of Dr. Massoud Amin

Massoud Amin, DSc

Director, TLI
Honeywell/Harold W. Sweatt Chair in Technological Leadership

Honeywell/Harold W. Sweatt Chair in Technological Leadership

Since 2003, Dr. Massoud Amin has been with the University of Minnesota as Director of the Technological Leadership Institute, professor of electrical and computer engineering, and Honeywell/H.W. Sweatt Chair in Technological Leadership. While some know Dr. Amin as “father of the smart grid,” he teaches several courses each year at TLI, has authored or co-authored more than 200 research papers, and serves on the editorial boards of six academic journals.

My answer, in short, is that the sky is not falling but on the other hand, we are not yet bulletproof. We must also recognize that every utility’s efforts contribute to the quality of life, economic stability and, thus, the security of our nation.

Stay Informed

Subscribe to receive the latest TLI articles, news and events

Stay Informed

Stay Connected