- The power industry and federal government continue to coordinate on responses to attacks to the power grid, developing a new set of strategies that could include coordinated blackouts to counter a potential cyber threat.
- Other responses being considered by the Electricity Sub-sector Coordinating Council (ESCC) include a stockpile of transmission equipment, utilizing the latest cyberdefenses, coordinating responses between sectors, and developing prioritized restoration plans.
- Last year the North American Electric Reliability Corp. held a widespread simulated attack involving thousands of participants, revealing areas in need of improvement including communications and coordination with law enforcement.
A new type of threat will require new responses, and ESCC — a group of utility executives who serve as the principal liaison between the federal government and industry — says it may be necessary to intentionally blackout some areas in order to counter cyber threats.
Southern Co. Chairman and CEO Tom Fanning, also co-chair of ESCC, spoke last week at a industry conference, saying that isolating a threat could mean that "we're going to have to make some tough calls," EnergyWire reports.
"If we ever get to that point, people are going to have to make some tough choices about what to shut down, how to isolate," he said. "We're going to interfere with commerce, in certain circumstances."
Other response strategies could include stockpiling rare and hard-to-replace transmission hear, improved and modernized cybersecurity, and coordinated responses.
NERC's GridEx simulated attack last year resulted in a similar batch of suggestions, including the need to upgrade the Electricity Information Sharing and Analysis Center and improve coordination with law enforcement.
“Industry continues to take the prospect of a cyber or physical attack on the bulk power system seriously,” said Marcus Sachs, NERC's senior vice president and chief security officer, said in a statement on the simulation's results.
This third time running GridEx, the mock attack had two parts: a simulated large-scale cyber and physical attack scenario designed to overwhelm even the most prepared participants, and a roundtable of discussion on messaging, the collective effort to protect the grid and the use of extraordinary measures for restoring power.
Last year, Lloyd's of London estimated a widespread attack on the U.S. power grid could result in a total economic loss ranging from $243 billion up to $1 trillion in the most damaging scenarios."