On July 22, 2015, The Federal Energy Regulatory Commission (FERC) proposed new critical infrastructure protection (CIP) standards to address concerns over the cyber threat posed by an increasingly global supply chain. Specifically, FERC is concerned with the potential introduction of vulnerabilities into the grid by the hardware and software components of Supervisory Control and Data Acquisition (SCADA) devices and other grid control systems. This type of vulnerability struck Dell Computers in 2010, when motherboards it procured from an international supplier were shipped containing malware. Although the attack was discovered, it was not until after some products had already been received by customers. Like the computer industry, components of grid control systems are made by a globally diverse supply chain which is largely outside the reach of U.S. regulatory authority.
The power grid has become increasingly dependent on the variety of SCADA devices, PLCs, and control systems that make the modern grid possible. The Utility of the Future will continue to rely on a growing portfolio of “smart” technologies, communication networks, and integrated customer-side resources that are all linked together through communications and data networks. Importantly, the components that make up this integrated platform are provided by a complex and globally distributed supply chain on which the industry is dependent. In addition, many of these technologies are developed outside the oversight of the regulatory construct of the U.S. utility industry.
To achieve the vision of interoperability and maintain a two-way flow of grid and customer-side information, securing the supply chain that manufactures these technologies will be paramount. Utilities and their suppliers must play an active role in helping to shape security standards and take the measures needed to protect against ever-growing threats to these systems. This will require ongoing investment and the dedication of resources to work with FERC, NERC, and the providers of technology and communication services to develop standards and implement solutions that are reasonable but effective at protecting control systems and the broader bulk electric system.
Congressional Research Service: http://www.fas.org/sgp/crs/misc/R43989.pdf
This report is part of the Grid Edge Minute series. To view all featured Minutes, please click here.
Sussex Economic Advisors is now part of ScottMadden. We invite you to learn more about our expanded firm. Please use the Contact Us form to request additional information.