Incorporating automation into the U.S. electric grid can both improve recovery capabilities in the event of an outage and present new cybersecurity dangers, according to a recent National Academies of Sciences, Engineering, and Medicine (NAP) report.

“There has been significant growth in instrumentation and automation at the level of the high-voltage, or bulk, power system,” the report said. “This allows the system to operate more efficiently and provides system operators with much better situational awareness; this can improve reliability and resilience in the face of outages, but this added complexity can also introduce cybersecurity vulnerabilities.”

Join us at the sixth annual Cyber Security Brainstorm on Sept. 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times. Click here to learn more and register.

The report was created by the NAP’s Committee on Enhancing the Resilience of the Nation’s Electric Power Transmission and Distribution system, supported by the Department of Energy, and examines the dangers of and solutions to large-area, long-duration outages, which last three or more days and affect multiple states.

“The electric power system is a complex ‘cyber-physical’ system composed of a network of millions of components spread across the continent,” the report said. “When such major outages do occur, economic costs can tally in the billions of dollars and lives can be lost. Hence, there is a critical need to increase the resilience of the U.S. electric power transmission and distribution system–so that major outages are less frequent, their impacts on society are reduced, and recovery is more rapid–and to learn from these experiences so that their performance in the future is better.”

The report notes that outages are an inevitability for the electric grid, but that providers should focus on practices that improve the resiliency of the system.

“These include improving the health and reliability of the individual grid components (e.g., through asset health monitoring and preventive- and reliability-centered maintenance), improving system architectures to further reduce the criticality of individual components, better simulating high-impact events, and considering the criticality of the grid’s underlying cyber infrastructure,” the report said. “Further work can be done in the area of real-time operations to enhance resilience. This includes situational awareness in the control room, with a focus on severe events and an inclusion of the cyber infrastructure, adding more wide-area monitoring and control, and developing control systems that better tolerate both accidental faults and malicious attacks.”

The report also finds that most parties involved in the electric grid do not have the time or resources to deal with long-term dangers to the grid.

“Hence the United States needs a process to help all parties better envision the consequences of low-probability but high-impact events,” the report said. “One of the best ways to make sure that things already in place will work when they are needed is to conduct drills with other critical infrastructure operators through large-scale, multisector exercises. Such exercises can help illuminate the areas where improvements in processes and technologies can substantively enhance the resilience of the nation’s critical infrastructure.”

Read More About
More Topics
Jessie Bur
Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.