Power Lines Blog

Five takeaways from Grid Security Summit

By Sue Kelly, President & CEO, American Public Power Association

If you’ve scanned the news lately, you’ve probably seen that cybersecurity is a hot topic — right up there with Ebola, immigration, and Taylor Swift’s dissing of Spotify. From financial institutions and credit card companies to retail outlets and the U.S. Postal Service, new threats — and safeguards — are evolving every day.

The electricity sector has long been aware of ever-present cyber and physical attack risks and the measures that must be put in place to safeguard our nation’s power grid against all forms of attack. This was very evident at the American Public Power Association’s first-ever Grid Security Summit that took place in early November in Arlington, Virginia.

The summit covered the gamut of grid security issues, from mutual aid to cybersecurity. There was great dialogue and exchange of information among attendees. Industry and government representatives gathered to discuss possible cyber and physical threats, natural or man-made, to our infrastructure and the best ways to tackle them together.

All of us who attended learned from each other and built upon our shared experiences to help the electric sector as a whole. One panel discussion featured representatives from investor-owned utilities, cooperative utilities, the Department of Energy, Department of Homeland Security, and, of course, public power utilities — talk about a public-private partnership!

If you run a utility, here are five important takeaways from the summit.

1. Information Sharing Legislation
Before the 113th Congress adjourns in December, APPA hopes the Senate will pass S. 2588, the Cybersecurity Information Sharing Act of 2014. The information sharing frameworks authorized in S. 2588 — and its companion bill HR 624, the Cyber Intelligence Sharing and Protection Act — will help utilities receive and exchange cyber threat information. Better information sharing will allow utilities to plan more comprehensively to defend against attacks and increase grid security.

2. Disaster Response and Mutual Aid
The summit attendees discussed the lessons learned from Superstorm Sandy in 2012, and how important it is for utilities to be prepared to respond to disasters and to have mutual aid arrangements in place — to get the lights back on as quickly as possible.

APPA has a new Public Power Mutual Aid Playbook to support public power utilities’ future disaster preparation and response efforts. Take this moment to download a copy of the playbook, review the procedures, and identify your regional network coordinators. And if you’re not already a member of APPA’s Mutual Aid Network, join today — email MutualAid@PublicPower.org.

3. Response and Mitigation Resources
There are many resources and activities that can help utilities combat security threats together. Two are especially important.

The Electricity Sector Information Sharing and Analysis Center (ES-ISAC) allows utilities to get early warnings about threats that others in the industry are seeing as well as updates from the Department of Homeland Security or other federal government departments. Utilities can also share threats they observe with the ES-ISAC, so the information can be broadcast to other utilities to put them on alert. Click here to join the ES-ISAC.

SpareConnect is a confidential, unified platform for the entire electric utility industry to communicate equipment needs in the event of an emergency or other non-routine failure. It provides decentralized access to points of contact at power companies so that, in an emergency, SpareConnect participants are able to connect quickly with other participants in affected voltage classes. To learn more and join, email spareconnect@publicpower.org.

4. Who’s Who
ES-ISAC, ES-C2M2, ESCC, DOE, DHS, FEMA, SEWG, NIAC — it’s like alphabet soup. Who are the players in grid security? Who do you pay attention to? Who do you turn to when you need specific types of information, resources, or clearances? Start with an overview from our “Grid Security Who’s Who” infographic and then visit our Grid Security website in a couple of weeks for our Grid Security Dictionary, which will help clear up the various acronyms mentioned earlier.

5. Create a Culture of Security
Make grid security a part of your utility’s culture. Kevin Wailes, the Administrator & CEO of Lincoln Electric System in Nebraska and Vice Chair of the Electricity Subsector Coordinating Council, says we must give security as much importance as we give safety. Teach employees to think twice before opening an email from an unknown sender. Let them know it’s as important as reviewing safety procedures before working in potentially dangerous areas. Plan drills and exercises on security, so you’re prepared to respond quickly if a physical or cyber attack is attempted.

Has your utility already fostered a culture of security? Do you have other security best practices at your organization? Please share your experiences! Send me an email and let’s keep the conversation going on this important area.

Sue Kelly

President and CEO

3 Comments

  1. It would be helpful if APPA has some best practices that can be shared at some point. I was unable to make the Summit but would be interested if this information is available.

    • Hi Mike — we actually have a number of resources on our website that might be helpful for those who couldn’t make it to the Grid Security Summit. If you go to publicpower.org/gridsecurity, you’ll find a page that is regularly updated with news, resources, and documents, including our Cyber Security Essentials Guidebook and presentations from the summit. If you have other questions, we have some great people on APPA staff who are here to help. For questions related to the summit and some of the takeaways I wrote about, you can reach out to APPA Director of Engineering and Operations Puesh Kumar at pkumar@publicpower.org.

      I hope that helps and thanks for your comment!

  2. The staff of Florida Municipal Power Agency (FMPA) enjoyed reading your recent column in Public Power Weekly titled “Five takeaways from APPA’s Grid Security Summit.” We noted the questions you asked at the conclusion of your article, and we wanted to respond with what FMPA is doing to create a culture of security at our utility.

    · In 2014, we hosted our first cyber security training for all employees. This training introduced a variety of common security topics that employees should be aware of in their day-to-day work.

    · FMPA’s Information Technology Department publishes a weekly article in FMPA’s employee e-newsletter. The article often features security reminders and tips.

    · FMPA’s Information Technology Department attends annual training in cyber security topics and makes sure to share their learning with their colleagues.

    Educating employees about cyber security is a never-ending task, but we hope these efforts are fostering a growing awareness of security among our employees.

    Diane Nelson
    Public Relations Specialist
    Florida Municipal Power Agency
