
January 27, 2021

Lessons From SolarWinds: How Competitive Power Suppliers Are Further Strengthening America’s Power Grid

By Bill Zuretti


Bill Zuretti is director of regulatory affairs and counsel at EPSA.


In the wake of the SolarWinds Supply Chain Attack, business and government leaders across the globe are charting a path forward. While EPSA and its member companies do not believe they were impacted by this breach, we are proactively working to understand the scope of the incident and gird IT and electric infrastructure against future intrusions. 

As part of their mission to provide reliable power to Americans and protect customers, EPSA member companies take very seriously the cyber and physical security of their operations and the electric grid.  

The Electric Industry and Government Are Working Together to Respond 

Protecting America’s power grid from security threats is a team effort across the energy industry and government. Along with our utility, public power, and co-operative industry partners, competitive power suppliers are key players in shielding against, preparing for and responding to incidents.

EPSA’s CEO sits on the Steering Committee of the CEO-led Electricity Subsector Coordinating Council (ESCC). The ESCC serves as the principal liaison between the federal government and the electric power industry on efforts to prepare for, and respond to, national-level disasters or threats to critical infrastructure. Through the ESCC, we are working closely with our counterparts from other segments of the electric industry and with government partners, which include senior administration officials from the White House, cabinet agencies, federal law enforcement, and national security organizations.

Immediately following news of the SolarWinds breach, the ESCC sprang into action and conducted a situational awareness call with its members. In the days after this call, the ESCC stood up a “Tiger Team” to continue to address this incident. This “Tiger Team” is composed of security experts from across the electric sector and includes EPSA staff and representatives from our member companies. The team has been sharing information, best practices, and recovery tools to aid each other in response to the breach. This team is also working to stage a series of webinars and compile best practices and response tactics. Our aim is to emulate our sector’s preparation for and response to the COVID-19 pandemic, which helped keep the lights on and protect energy workers throughout the crisis – and has been widely praised by industry and government.

EPSA Member Companies Already Had Extensive Cyber and Physical Security Measures in Place 

Beyond our collaboration with the ESCC and other government agencies, competitive suppliers also continue to share information with industry stakeholders on security data gathering and analysis, incident management coordination and communicating mitigation strategies.  

Information Sharing and Coordination: EPSA is a member of the Electricity Information Sharing and Analysis Center (E-ISAC), which is the primary security communications and collaboration channel for the electricity industry and enhances its ability to prepare for and respond to cyber and physical threats, vulnerabilities, and incidents with the U.S. Department of Energy and the ESCC. The E-ISAC also gathers, analyzes, and shares security information provided by members and partners; coordinates incident management; enables member-to-member sharing; and communicates mitigation strategies with stakeholders across interdependent sectors and with government partners.

Preparedness Events: In addition to information sharing, EPSA members participate in regular trainings and simulation events. GridEx, for example, is a distributed play tabletop grid exercise that allows participants to engage remotely. The exercise simulates a cyber and physical attack on the North American electricity grid and other critical infrastructure.  

Risk Assessments: Competitive suppliers also contract with third-party vendors to conduct regular, proactive cyber compromise assessments. In addition, as the world and the grid continue to evolve to accommodate new energy resources, EPSA members conduct risk assessments on all new technologies that are brought into their systems.

Protective Measures: Further, both as part of NERC’s Critical Infrastructure Protection (CIP) regime and through their broader information security protocols, EPSA members have already implemented robust processes to protect cyber and company data related to limited product development or source code, in compliance with NERC reliability standards at the least. In addition to these measures, EPSA members utilize protocols – which can include Sanctions Act validations – in order to ensure that they are protecting sensitive or critical data.

A New World May Require a New Market Paradigm  

In order to enhance reliability and protect against cyber threats while providing least-cost electricity to customers, new market design tools may be needed.

Competitive suppliers recover costs through multiple organized wholesale markets. But currently, markets come with parameters for which costs can and cannot be included in supplier bids. Accordingly, should additional unforeseen costs be imposed upon competitive suppliers in order to protect the electric system broadly or to address new risks, it may be reasonable that these costs be recovered on a regional or system-wide basis.  

This will allow the competitive power markets to continue their intended purpose: to bring reliable electricity at the least cost to meet America’s needs. 

The Path Forward  

As the SolarWinds breach shows, while cyber and physical security issues can arise from individual decisions or errors, these issues can affect much broader swaths of the economy. For this reason, all participants in the supply chain must continue to focus on threats to the system as a whole, in addition to the individual parts under their control.  

Any day with a service disruption is a day that a competitive power supplier is not able to provide reliable, least-cost, cleaner electricity to customers – interrupting Americans’ ability to go about daily life, conduct business and keep critical emergency services online.

On both the cyber and physical fronts, EPSA member companies remain deeply committed to producing safe, secure and reliable energy for customers across the country and supporting our nation’s economic vitality.

Learn more about EPSA’s Cybersecurity Efforts. 

Filed Under: PowerFacts Blog Tagged With: competitive electricity markets, Competitive power suppliers, cyber, cybersecurity, electric grid, EPSA, markets, SolarWinds
