The New National Electric Grid Security and Resilience Action Plan
In December 2016, the White House announced its new National Electric Grid Security and Resilience Action Plan. The plan serves as a checklist regarding the steps federal agencies are required to take to enhance the resilience of the electric power grid of the U.S. to withstand cyberthreats, physical attacks and natural disasters. While many of these steps were previously contained in existing initiatives, this action plan brings them together in one document to provide operators a more coordinated and efficient approach to electric grid security and resilience. The action plan centers around three strategic goals:
1. Enhancing Protection and Preparedness
The plan recognizes that the ability to reduce and respond to security risks requires enhancing threat and vulnerability information sharing. This type of information sharing will allow the appropriate parties to make more complete risk assessments, especially regarding what constitutes major security events, in order to devise more comprehensive mitigation plans.
It also recognizes that decision-makers need a clearer understanding of how critical systems rely on business continuity to ensure the electric system is functioning at full capacity, and to estimate the financial investments necessary to achieve this. Success in this area will also require more effective coordination with law enforcement.
2. Enhancing Response and Recovery Efforts
Managing and responding to potential events is essential for maintaining electric grid security and resilience; to do so, stakeholders must develop coordinated and formal response plans. These should be drawn up alongside agreements with other utilities so that a coordinated response to events such as cyberattacks can be taken. It’s important to identify dependencies along supply chains so that weaknesses such as an inability to access spare power transformers can be addressed. The end goal of this step is to ensure a more robust recovery capability.
3. Building a Secure, Resilient, Next-Gen Electric Grid
The aim of the third goal is to strengthen the power transmission system against the threats it faces not only today, but also the threats it will face in the future. This requires identifying emerging security threats and developing new models and infrastructure to help make the whole system more resilient.
It’s also important to analyze how the costs of such investments will be recovered, although this will likely require further regulation at both a federal and state level to specify the criteria for this. This part of the plan also emphasizes the importance of training utility company employees on both current and emerging threats.
Translating Grid Security Goals for the Enterprise
Enterprises can look beyond their own walls to gain knowledge and experience about how other sectors manage business resiliency. For instance, the U.S. military provides a great example with the steps it has taken to enhance psychological resilience
It all goes back to information sharing. To accurately gauge the severity of the latest threats and vulnerabilities, it’s important to develop effective strategies to share information among peer organizations and official bodies. Organizations need to work to develop better ways to share information to achieve greater resilience.
Another key takeaway is the importance of developing comprehensive and formal incident response plans. According to the Ponemon Institute, the biggest barrier to cyber resilience is insufficient planning and preparedness. To ensure preparedness, companies must develop actionable and tested plans.
Electricity grids are vital to the continued smooth operation of every nation. This new plan contains many pointers to improve grid security on a national level, but it also contains tips that many businesses would be wise to emulate.