From Extreme Weather to Cyber Attacks - Ensuring the Resiliency of North America's Electricity Grid
Last week at the 2016 CAMPUT conference in Montreal, attendees were invited to consider the impact of the extreme weather and intentional attacks on North America's electricity grid and what measures may be taken to mitigate against these risks. The panel featured Colette D. Honorable, Commissioner of the U.S. Federal Energy Regulatory Commission (FERC), Gerry Cauley, President and CEO of the North American Electric Reliability Corporation (NERC) and Byron Williams, Director of the Public Interest Law Centre in Winnipeg, Manitoba. The panelists discussed balancing the need to strengthen the grid to withstand emerging threats against the prudency of increased costs for such investments.
Ms. Honorable discussed the standards to address grid reliability and resiliency, which have been developed at the direction of FERC. FERC is an independent agency that regulates the interstate transmission of electricity, natural gas and oil in the U.S. Ms. Honorable discussed how, prior to the northeast blackout in 2003, reliability standards for power systems in the U.S. were voluntary. After the blackout, the U.S. government enacted the Energy Policy Act of 2005 (EPAct) which granted FERC the authority to oversee the creation of mandatory reliability standards for the national electricity grid. In respect of emerging threats, Ms. Honorable advised that FERC has approved a number of critical infrastructure protection standards, including in relation to cybersecurity and physical security.
Ms. Honorable recommended several resources relating to grid resiliency and emerging threats, including Resilience for Black Sky Days by Dr. Paul Stockton, Resilience in Regulated Utilities and Cybersecurity for State Regulators both by Miles Keogh and Christina Cody, NARUC Grants & Research, and the Report on the FERC-NERC-Regional Entity Joint Review of Restoration and Recovery Plans.
Mr. Cauley described NERC's work identifying optimal grid resiliency capabilities before, during and after an event such as severe weather, physical attack or cyber attack. NERC is the electric reliability organization for North America and is responsible for developing and enforcing reliability standards for the bulk power system across the continental United States, Canada and the northern portion of Baja California, Mexico. Mr. Cauley's presentation (available here) listed examples of capabilities needed to resist and recover from a severe risk event, including:
- Preparation and Hardening: severe event plans, training and exercises; coordination with local law enforcement and first responders; coordination with local, provincial and federal emergency response agencies; black start and restoration resources; cyber and physical security protection of critical assets; and structural or configuration changes to reduce facility criticality;
- Capabilities Needed During Event: advanced warning system (e.g. space and weather services); internal and external communications systems and protocols; media and public relations; and government-industry coordination; and
- Capabilities Needed for Post Event: spare equipment inventories and deployment readiness; qualified personnel for various recovery scenarios (e.g. storm vs. cyber vs. physical attack); logistics and transportation support for restoration crews; and public safety and essential services.
Mr. Cauley emphasized that there are too many variables and limited resources to approach each individual possible threat event. Rather, Mr. Cauley stated what is more manageable and efficient, and the approach followed by NERC, is to develop risk profiles for categories of threats (i.e. weather, physical or cyber attack) and use those as a basis upon which to build response plans.
Mr. Williams' presentation (available here) spoke to the need to ensure consumer confidence in any grid resiliency investments. Mr. Williams stated that consumers need to feel confident about the need for, and scale of, investments in resiliency and offered examples of practices that either develop or undermine consumer confidence.
Mr. Williams stated that a key step to develop consumer confidence included providing an evidence-based assessment of the likelihood and magnitude of the proposed risk. Consumers need more than general statements of "apparent increases" in extreme weather events; they need scientific reporting on which risks are significantly more likely and where are they more likely to occur. Mr. Williams cited the example of the U.S. Environmental Protection Agency's website Understanding the Link Between Climate Change and Extreme Weather.
Mr. Williams highlighted a number of steps that undermine consumer confidence in investments in resiliency, including:
- Denying consumers a participatory voice in deliberations;
- Employing scare tactics rather than demonstrating that resiliency programs are reasonable, prudent and in the consumer/public interest;
- Using cost "guestimates" leaving ratepayers to bear the risk of contingency estimates; and
- Using resilience and reliability as a "cover" for other objectives.
Mr. Williams closed his presentation with the question of whether ratepayers should pay for resiliency investments in the grid or are these investments "table stakes," that is, investments that utilities ought to be making without additional charges flowing through to consumers?
Overall, the panel provided insight into the creation of grid reliability and resiliency standards and identified a number of specific capabilities needed to mitigate against, respond to, and recover from emerging threats. Additionally, the panel offered practical suggestions of steps that utilities can take to garner consumer support for investments directed at meeting these standards and achieving these capabilities.