1

By Andy Bochman

PJM, in case you're new to this, is the Pennsylvania-New Jersey-Maryland Interconnection, an RTO that balances power and oversees wholesale transmission markets across thirteen states and the District of Columbia.

When Evers asked the classic "What keeps you up at night?" Boston responded:

Cyber security. It has changed in the last three to four years. It’s no longer just a matter of trying to keep kids out of the system. Making sure we have security built in not bolted on to all of our networks and systems is probably the most important part of what we do. You have to realize this is a new world we’re in. We have to be very diligent, and we need resilience. Resilience is the ability to recover after a breach or intrusion.

Can't help but feel this approach is realistic and fully in tune with the times, especially in light of the numerous cyber security attacks of 2011 that successfully targeted many different sectors.

With or without a forward-leaning CEO, utilities are regulated to think this way to a certain extent. NERC CIP 009 - Recovery Plans for Critical Cyber Assets insists that asset owners make plans for responding when their cyber systems are under attack, including when they fail outright or come under the control of the attacker. NERC also wants to see evidence that regular practice sessions and exercises are being conducted, though I don't know how detailed and realistic these exercises are. Looking at the language of CIP 009 it appears that an exercise of some kind, once a year, may suffice to get a clean bill of health in this category.

In my mind, connecting the dots from the reliability of cyber systems to the reliability and quality of performance of generation, transmission and distribution equipment and revealing the potential impacts to the utility and its customers is the work required to build the case for bolstering resilience efforts.

Greatly appreciate it when senior energy sector leadership articulates practical approaches to dealing with always evolving cyber threats. Feels like a great place to start for 2012.

Andy Bochman is author of the Smart Grid Security Blog and an Energy Security Lead for IBM's Rational division, where the focus is on securing the software that runs the smart grid. Andy is a contributor to industry and national security working groups on energy security and cyber security. He lives in Boston, is an active member of the MIT Energy Club, and is the founder of the Smart Grid Security and DOD Energy Blogs.  

You might also be interested in ...

Security scare - a tempest in a water pump

Silo-busting strategies emerge from smart grid security event