Securing the Grid and Your Critical Utility Functions

Abstract

One of the hottest topics in the electric utility industry today is Cyber Security. How can we protect our Nation's critical electric infrastructure from malicious events with intentions that range from crippling our electric system to stealing our customers' private data from the utility billing system? This article will explore some of the options that small electric utilities have for implementing cyber security programs that can be used both on the Operations Technology (OT) side and the Information Technology/Information Systems (IT) side. The article will discuss the industry standards set out by the North American Electric Reliability Corporation (NERC), the National Institute of Standards and Technology, and various other guidance documents. We will present case studies of how small to medium size electric utilities have worked together with OT and IT to implement new cyber and physical protections on their systems. The article will examine the differences in what the Standards require Transmission and/or Generation owning utilities to implement versus where Distribution Only utilities need to place their focus. We will look at risks to control and dispatch centers as well as to the utility corporate network, and discuss ways to close vulnerabilities in those systems, both from a cyber and physical security standpoint. Lastly, the article will discuss the direction that NERC, the Federal Energy Regulatory Commission, and State Agencies seem to be going with future cyber and physical security regulations.