EEI Testimony Underscores Electric Industry Commitment to Security
In March 2018, Scott Aaronson, the Edison Electric Institute’s (EEI) VP for security and emergency preparedness, spoke at the House Energy and Commerce Subcommittee on Energy hearing entitled DOE Modernization: Legislation Addressing Cybersecurity and Emergency Response. You can read a detailed overview of Aaronson’s comments here. What follows below is an abbreviated version.
How the EEI and the Electric Industry Focus on Security
Here are some bullet points from the EEI testimony:
- The Electricity Subsector Coordinating Council (ESCC) was formed to coordinate response to critical national threats and is comprised of the CEOs of 31 electric utilities and trade associations.
- The industry has adopted a “defense-in-depth” approach designed to eliminate any single point of failure.
- EEI condones the industry-wide enforcement of NERC CIP standards, and utilities that fail to comply are subject to heavy fines.
- In addition to the enforcement of regulatory standards, the electric utility industry also embraces various voluntary standards for added security.
- The Cybersecurity Risk Information Sharing Program (CRISP), which uses sensors to gather and analyze cyber-threats, is widely used across the industry.
- The electric sector invests north of $120 billion per year on storm hardening and smart grid initiatives.
- Large-scale exercises and drills are being conducted at an increasing rate, such as 2017’s GridEx, which involved more than 6,000 participants from 400 companies.
- Distributed energy resources like microgrids that are networked together present a unique challenge because they could open up back door access to the broader grid.
All of these bullet points sound good on paper, but the true validation can only play out in the real world. I just hope the EEI bite is as strong as its bark.
Recommended Posts