The concept of protecting electric system critical infrastructure is longstanding and deeply ingrained in the industry. Almost any utility worker will tell you that her or his primary duty is "keeping the lights on." Threats to electric infrastructure include severe weather, physical and cyber attacks, electromagnetic pulses, geomagnetic disturbances, interdependence with other critical infrastructure, such as telecommunications, fuel and water, pandemics, human error, and uncontrolled (cascading) operational failures on neighboring systems.
Given the lack of storage, the speed of transmission, and the interconnectedness of the system, there are few other types of infrastructure, telecommunications being perhaps the only exception, where the impact of a failure is felt so widely, so quickly. For example, on August 14, 2003, the contact between a tree and a wire in Ohio at 2:02 p.m. set off two hours of increasing instability of the grid in the Cleveland-Akron area, which by 4:05 p.m., could no longer be controlled, resulting in a cascading blackout affecting approximately 50 million people in the northeastern United States and Canada ("the 2003 Northeast Blackout").
The 2003 Northeast Blackout, like the massive blackout that affected the Northeast in 1965, became a turning point. The 1965 blackout spurred the growth of power pools and increased cooperation among utilities. The 2003 Northeast Blackout resulted in legislation that set the framework to transform the North American Electric Reliability Council, an industry-run organization that relied primarily on voluntary cooperation among utilities, into the North American Electric Reliability Corporation (NERC), an independently funded reliability organization tasked with developing and administering mandatory reliability standards (Reliability Standards), subject to oversight and enforcement, including civil penalty assessments, by the Federal Energy Regulatory Commission (FERC).
In the area of critical infrastructure protection (narrowly defined), the Reliability Standards include measures for perimeter control of critical assets and reporting of threats; other Reliability Standards specify operational safeguards ranging from training requirements to relay settings. In September 2011, FERC proposed to adopt revised cybersecurity standards that, among other things, would impose "bright line" criteria for identifying critical assets. Notwithstanding these efforts, grid security is an elusive prey.
As recently as September 8, 2011, a blackout originating in Arizona caused a loss of power to southern California, parts of Arizona, and Mexico's Baja peninsula, including every customer of San Diego Gas & Electric Company. Ultimately, protection must include both efforts to prevent problems from occurring, and enhancing the grid's ability to withstand and recover from those stresses that cannot be avoided.
Click here to download PDF.
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.