Regulators Want More Authority Over Grid Security

Regulators from the Federal Energy Regulatory Commission (FERC), DOE, and the North American Electric Reliability Corp. (NERC) told a House subcommittee this week that they do not currently have the authority to move quickly against threats to the electric grid, and offered support for legislation that could correct the deficiency.

The two pieces of legislation they were referring to are HR 2165, the Bulk Power System Protection Act of 2009, and HR 2195, an amendment to the existing Federal Power Act.

Joseph McClelland, director of FERC's Office of Electric Reliability, told the House Energy and Commerce subcommittee that FERC's existing authority is inadequate to deal with cyber or other national threats to the U.S. power and transmission system. He said those threats are "an increasing risk to our nation's electric grid" and urged Congress to address that risk immediately.

David Cook, NERC's vice president and general counsel, said the pending legislation addresses the shortcomings in current law, and agreed that regulators lack adequate authority to combat cybersecurity threats against the electric grid.

The regulators aren't the only ones getting vocal about grid security issues. With $3.4 billion in Smart Grid stimulus grants awarded Tuesday, more than a few critics are saying that there is no way of knowing if smart meters and other components that received funding are actually safe from attack.

Wired, the popular technology magazine and online periodical, noted the announcement earlier this week of an $18.8 million grant to fund a five-year research project at four academic institutions focused on securing the electric grid. The problem, the magazine points out, is that untested and unsecured technologies will already have been deployed by the time the research project has concluded.

Others have been critical of the DOE response to queries regarding its security requirements for companies applying for Smart Grid money. From the outset, the DOE required applicants to provide a list of known security risks and their solutions.

DOE has said that Smart Grid security issues are well in hand and that at least two interoperability and security experts had examined each application. But a DOE spokesman's refusal to identify the experts simply added fuel to the arguments from critics that there is no guarantee the new technologies are secure.

   Quick Take: Our story could have gone on much longer. This issue certainly will. DOE says everything is under control; and critics say it's not so and want real-time security audits for utilities and distributors. From the outset, the theme has been that security needs to be built into the system from the very beginning. It has been demonstrated that addressing security issues after the fact are, in addition to being extremely expensive, not as effective.

   Government Computer News article

   Wired news article

   Smart Grid security resources on SGN