Protecting critical electric infrastructure from today’s cyberthreats

A day doesn’t go by without headlines in the press about new cyberthreats facing our nation or our allies overseas. It is no secret that the focus of many of these threats is critical infrastructure such as our electric grid, which is essential to the life, health, safety, and economic security of all Americans.

The men and women of the electric utility industry take their charge to protect the electric grid from all evolving threats very seriously. Every day they are working to improve the security, reliability, and resiliency of the grid. Yet, the work that is happening behind the scenes is often overlooked.

Protecting our critical infrastructure in today’s threat environment is no easy task, since sophisticated cyberthreats are constantly adapting and evolving. Our security strategies also must constantly evolve and must be closely coordinated with the federal government. Electric utilities are experts in running the grid, and the federal government has law enforcement and intelligence-gathering capabilities. By working together, industry and government greatly enhance our nation’s ability to defend and protect against threats.

The Electricity Subsector Coordinating Council (ESCC) serves as the principal liaison between the federal government and the electric utility industry, with the mission of coordinating efforts to prepare for, and respond to, national-level disasters or threats to critical infrastructure. The ESCC includes utility CEOs and trade association leaders, representing all segments of the industry, and senior government officials. Underlying the industry-government partnership is a mutual understanding that the protection of critical infrastructure is a shared responsibility. It allows both parties to better understand how each plans for and responds to incidents and improves communication with the American people. 

The ESCC’s actions are recognized by the National Infrastructure Advisory Council as a model for how critical infrastructure sectors can partner effectively with the government.

Recent events have demonstrated the critical importance and the value of our expanded partnership through the ESCC. The incident late last year in Ukraine is a prime example. The industry was made aware of the BlackEnergy malware in October 2014. Since then, electric utility officials have worked with the government through the ESCC and the Electricity Information Sharing and Analysis Center (E-ISAC) to improve situational awareness and to share information on an ongoing basis on actions to mitigate vulnerabilities from this threat.

Considering the potential for harm and the ever-changing nature of threats, we must play both offense and defense. We continue to undertake a full range of enhanced security and resiliency initiatives, including strengthening our spare equipment programs and mutual assistance networks; developing a cyber mutual assistance program; conducting sector-wide exercises, such as the North American Electric Reliability Corporation’s GridEx; coordinating our efforts with other critical infrastructure sectors; and enhancing the E-ISAC and machine-to-machine threat information-sharing capabilities. Cooperation and coordination from all stakeholders are essential to make these efforts meaningful and effective in protecting the grid.

While there is no such thing as infallible security, we realize the stakes are high. We must continue to work with our government partners to improve coordination, and our industry will continue making important investments to improve the security, reliability, and resiliency of the grid in the face of any threat.

Tom Kuhn is the president of the Edison Electric Institute (EEI), the association that represents all U.S. investor-owned electric companies. Our members provide electricity for 220 million Americans, operate in all 50 states and the District of Columbia, and directly employ more than 500,000 workers. For more information, visit www.eei.org or follow us on Twitter @Edison_Electric.