The electric grid faces threats on several fronts--most pressing of which are cyberattacks and natural disasters. And, although it may seem counterintuitive, investments that are helping to make the grid more resilient to one of those threats are making it more vulnerable to the other.
Grid modernization is the catchall term for a wide variety of initiatives aimed at moving the analog, 20th century electric grid into the age of the smartphone. Many of these efforts involve the introduction of new "smart" components that enhance the flow of data to grid operators, providing them with heightened operational awareness and the ability to detect and correct grid anomalies before they lead to outages. Ultimately, these technologies help create a more reliable and efficient electric grid.
State legislators are enacting policies that encourage and facilitate grid modernization, often starting with the use of smart meters before addressing policies that allow grid operators to shape supply and demand. The pace of these changes, however, varies significantly by state and utility. In many cases, technological developments and consumer preferences are outpacing public policy.
This is where cybersecurity concerns come into focus, because even as these new technologies offer significant improvements in grid operations and enhance flexibility, they also substantially increase the grid's vulnerability to potential attacks. Whereas two decades ago, operations and information technology were isolated from each other, these new pieces of internet-enabled hardware and software are located throughout the system, connecting operations and IT in ways previously unseen.
The federal government is addressing cybersecurity through the Federal Energy Regulatory Commission, the entity responsible for regulating the interstate transmission of electricity. The commission has developed and approved mandatory cybersecurity standards for the bulk power grid, while the Department of Energy is developing a national energy cybersecurity plan that's expected to be released late this year. Despite these federal cybersecurity standards, more than 80% of the grid's total assets fall largely under state jurisdiction. States have begun addressing these vulnerabilities by creating task forces, establishing cybersecurity standards and reporting requirements, and preparing for service disruptions and emergencies. But one largely unresolved issue is how to adequately...