Cyber threat to power grid "isn't like the credit system" says former FERC chair

Cyber-snooping of the U.S. power grid by foreign powers is old news to the security industry (as we report today) and according for former Federal Energy Regulatory Commission Chairman Pat Wood has been on the federal government’s agenda for some time.

“It was one of my top 3 issues in my last 18 months in office, although for obvious reasons not one I discussed in public,” Wood said in an e-mail interview with the Chronicle. “And know that the work we have been doing wasn’t committee reports and chat-fests but hard core R&D and constant systems testing.”

Wood, a former Texas Public Utility Commission Chairman held the FERC role from 2001 until July 2005. He said in 2004 while setting up the Reliability Division at FERC in the wake of the 2003 blackout and trying to get mandatory reliability standards and enforcement power from Congress, he heard from several trusted sources about the importance of cybersecurity.

“This led me to the Argonne National Lab in Idaho Falls, which was/is a key center of knowledge in this area.” Wood said. “I was concerned about what I heard and began work immediately with utility leadership thru NERC to address our vulnerabilities. The newly formed Dept of Homeland Security got very involved, too and we had a number of high level private meetings on this issue.”

When Congress passed the Energy Policy Act in 2005 FERC was put in charge of approving and enforcing mandatory grid reliability standards developed by NERC. After a long industry comment period, the standards became final last year and are now in effect.

“I wish we would have started earlier, as there are so many entry points in the grid,” Wood said. “But the philosophy for these standards is a practical one: assume an intrusion will happen, and mitigate the impacts of such an intrusion by redundancy and additional control screens.
“I’d hoped we would never have to read about this but now that it’s public, I think people need to know that this isn’t like the credit system/ banks or the California energy market. This time the government was on top of the issue well before it became a problem.”

The current PUC Chairman, Barry Smitherman, is also aware of the issue as he was on the Department of Energy Electricity Advisory Committee, which issued this report in January about so-called “smart grid” technology being rolled out in Houston by CenterPoint Energy, Dallas by Oncor and other cities.
The report generally lauds the advent of a high-tech grid but also warns of its vulnerabilities:

“However, many of the technologies being deployed to support Smart Grid projects–such as smart meters, sensors, and advanced communications networks– can themselves increase the vulnerability of the grid to cyber attacks. Accordingly, it is essential that Smart Grid deployment leverage the benefits of increased threat awareness while mitigating against heightened security concerns. It will be a difficult task, but one that can be addressed by being aware of the risks and leveraging security best practices from other industries.”