Now state regulators are considering how to enforce cybersecurity



Quick Take:  Not long ago, I let you know that the CIA and NSA want a say in how utilities manage cybersecurity. And that the Department of Homeland Security wants to be involved in utility cybersecurity too. Now an article from Environment & Energy Publishing documents how state regulators are planning to get involved as well. - Jesse Berst


The public utility commission for the District of Columbia has never made a detailed review of the cybersecurity defenses maintained by Potomac Electric Power Co. (PEPCO). But that's about the change, says its chairwoman, due to the urgency of the cybersecurity issue.


The commission plans to go through a list of security questions prepared by the National Association of Regulatory Utility Commissioners (NARUC). "If they come after us, the utilities can't move as fast as the adversaries," warns Miles Keogh, NARUC's director for grants and research. "In response, utilities and regulators must move to a risk-management approach that is data-based and intelligence-based."


As cyber and physical threats to the grid continue to grow, more and more state regulators are considering explicit oversight of utilities under their jurisdiction.