As we close out the year, EPSA and the power generators represented in our membership continue efforts to secure the nation’s electric system from cyber and physical attacks.
In November, competitive power generators joined other representatives throughout the electric sector in GridEx VII, the seventh biennial convening of the largest grid security exercise in North America, hosted by the North American Electric Reliability Corporation (NERC)’s E-ISAC. EPSA participates in the E-ISAC – the Electricity Information Sharing and Analysis Center – which allows industry representatives to communicate, gather, and analyze security information to better guard against and respond to threats. The exercise gathers electric company leaders and federal and state government officials to test how they coordinate and respond to simulated cyber and physical security attacks. NERC Senior Vice President Manny Cancel, CEO of the E-ISAC, noted in a press release that, “Although, the E-ISAC is not aware of any specific credible cyber or physical threats to the North American grid, the threat landscape in which we are operating is unprecedented – we are facing challenges that are increasingly difficult to detect and protect against.”
In President Biden’s Proclamation on Cybersecurity Awareness Month this October, the President noted his commitment to making cybersecurity a national security priority and highlighted his efforts to implement mandatory cybersecurity standards for critical infrastructure.
In addition to the voluntary measures EPSA members take to secure their operations, they are also used to operating under outside oversight as the bulk electric system (BES) has been subject to North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards since 2008.
The CIP program coordinates all of NERC’s efforts to improve the North American power system’s security. Beyond the development of standards, these efforts include compliance enforcement, risk and preparedness assessments, critical information dissemination, and key security issue awareness. The program applies to all entities that materially impact the reliability of the BES including owners, operators and users of any portion of the system. Under the CIP program, entities are required to identify critical assets and to regularly perform risk analyses of those assets. CIP standards gain further strength from the Federal Energy Regulatory Commission (FERC), which has oversight and approval authority over this regime and is therefore well informed of the extensive work taking place at NERC in the development of new standards and constant improvement of existing standards.
EPSA and our member companies continue their commitment to securing all aspects of the power system and providing reliable electric service. We have provided recommendations to inform regulatory activity intended to support grid security and will continue to engage with all relevant government authorities, decisionmakers, industry partners, and other stakeholders to keep our power grid strong.