Defending America’s Electric Grid

Paul thank you for joining me today you
recently finished a paper for us on emergency orders to protect the electric
power grid what are emergency orders and how do
they help protect the grid well first of all thanks to APL for giving me the
opportunity to conduct this study in 2015
Congress amended the federal Power Act which the big legislation governing the
power grid to give the Secretary of Energy far-reaching new emergency
authorities that essentially allow the secretary to tell power companies to do
whatever the secretary thinks is necessary to protect or restore the
reliability of the power grid this is a vast grant of power and it’s potentially
scary right what are the nine scariest words in the English language according
to President Reagan I’m from the government and I’m here to help I’m here
to help so unless the electric industry itself partners together with the
Department of Energy to figure out in advance what these emergency orders
should do that actually help defend the grid we’re going to miss a great
opportunity to build resilience what’s up that’s a great lead into my next
question Paul which is this is an interesting confluence of Industry and
government having to work together on this can you talk about how these two
sectors work together to provide protection against these kinds of
attacks well nobody ever bought stock in exelon or Southern Company or some other
power company in order to help defend the United States against a cyberattack
and yet we find that power companies are absolutely vital to national security
because they provide the power upon which Department of Defense
installations depend so bad guys know if they can cut off power then they have a
chance to degrade us defensive capabilities that’s why power companies
need to play such a vital role now in national security even though that’s not
really their job their job is to keep the lights on but now their job also is
to stand up to potentially catastrophic attacks
from Russia China or other potential adversaries in a way that doesn’t look
like resilience against a hurricane so this resilience against man-made
attacks what is it that the emergency orders bring to help solve some of the
issues well emergency orders can’t help ensure that on a nationwide basis in
addition to the voluntary measures that power companies would be taking that
utilities across the board are executing emergency operations that are best
positioned to deal with a particular attack vector that some adversary is
sending over here and fortunately the power industry already has extensive
plans and capabilities to protect the reliability of the grid if there’s a
disturbance from whatever caused above all the power industry is well prepared
to prevent cascading failures from spreading from one part of the United
States into others in the way that occurred in the 2003 blackout that
affected major portions of the central and eastern United States they have
excellent plans and capabilities already against natural hazards to prevent
cascading failures that’s the foundation on which power companies and do II can
build in order to be prepared to protect grid reliability to prevent cascading
failures if adversaries launch catastrophic cyberattacks Paul you talk
about how even the very existence of strong operational plans can help thort
cyberattacks can you say more adversaries are going to attack the grid
not only to create catastrophic blackouts but to try to disrupt us
defense capabilities to for example harm our ability to project power abroad and
to hold us public health and safety at risk we need to ensure and emergency
orders can help ensure that power companies are able to sustain the flow
of power to water utilities to regional hospitals to military bases to all those
assets that are especially important to keep up and running if adversaries
the grid that’s what emergency orders can do that’s going to be especially
valuable it’s from a sense of nationwide priorities how do you protect grid
reliability so that we continue to serve those critical functions and then if
heaven forbid blackouts occur more rapidly restore power to those essential
assets you put a heavy emphasis in your paper here on crafting orders and then
practicing them well ahead of time why well the worst possible time to start
drafting an emergency order is in the middle of a cyber attack we need to
anticipate the risk that adversaries will

strike and right now in peacetime
where we could get together at APL where we can work together between the power
industry and the Department of Energy and other government agencies begin to
say how can these orders be crafted in a way that’s most helpful to the utilities
are going to have to implement them and once we have these general plans then
each utility which has his own special system typography and constraints and
customers they’ll take that overall plan they’ll say well hey now we have a
chance to build contingency plans to implement these orders in ways that
makes sense for us the structure of our networks and our systems and the
customers we need to serve and then once they have those contingency plans to
implement emergency orders then we can exercise them and things that aren’t
exercised aren’t real gotta exercise everything under ideally realistic
conditions so that we can make sure that we have the capabilities that we’re
gonna require so what do you see is the big hurdle to realizing the goals you
set out in the paper in order to develop emergency orders and in order to create
contingency plans to eliminate them that’s going to require time and
expertise a lot of man-hours on the part of industry as well as do-e how much
money did Congress appropriate to help industry defray these costs zero big fat
nothing at a time when demand for electricity is flat a lot of
our companies are struggling so first of all we need to find how we can move
forward despite these constraints but I think there are opportunities to do so
because power companies their leaders their employees they’re patriotic they
know they’re part of national security now they’re getting great assistance and
support from the Department of Energy so I think there’s a basis for moving
forward into this new realm and to operationalize public/private
partnerships not just to have occasional meetings which are good in order to
figure out what kinds of regulatory policies make sense traditional areas of
discussion between government and industry but provide for unity of effort
during cyberattacks so that we can play defense effectively with government and
the private sector working together good so talk to me about deterrence well if
we are sure and if adversaries also believe that our
power companies can partner with government to sustain the flow of
electricity to critical defense installations that are going to project
power abroad or potentially strike adversaries directly if adversaries know
that we can sustain those power flows they may think ha we’re not so sure
anymore that we can achieve the objectives that we’ll have in striking
the grid we can increase deterrence by denial we can raise doubts in the minds
of the adversary that they can achieve the goals they’d have in striking the
grid while at the same time making sure that if they attack anyway we’ll be able
to impose unacceptable costs on the adversary because our defense
installations still have the power they need no matter how long a campaign might
last very good well Paul thank you thank you for your
work thank you for the great paper and thank you for answering a few questions
well thanks to you and special thanks to all of the analysts and experts at the
Applied Physics Laboratory who helped me write this paper you go to the
acknowledgment section you’ll see I’ve got a dozen of colleagues from AP
in addition to power companies who helped me understand how to move forward
so thanks to APL

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × 3 =