Industry, Government Urged to Partner on Grid Security

By Rebecca Kern

May 13 — Grid operators, utilities and energy companies say that the energy industry and the federal government need to continue to work together to improve protection of the U.S. electricity grid from cyber and physical attacks.

The specialists spoke during a May 13 Energy Department workshop about the growing number of cyber and physical threats on the electricity grid, especially with the introduction of more microgrids and distributed energy resources that further decentralize the grid, making it more vulnerable.

“I believe [cybersecurity] is a national responsibility,” Curtis St. Michel, a senior control security consultant for the Energy Department, said at the workshop in the DOE's Washington headquarters. “There is a capability out there to corrupt our critical energy systems, and it is one of the functions of various elements of the government to respond to that.”

While there is better data-sharing occurring between the electric utilities and the government, it needs to continue to develop, said St. Michel, who is also the technical director for the Mission Support Center at the Idaho National Laboratory.

“That role of how does the U.S. government help those utilities will be evolving,” he said.

Need for More Government Funding

Several of the electricity specialists said that additional federal funding is needed to harden transmission infrastructure so it can withstand physical attacks from weather events.

John Lawhorn, senior director of policy and economic studies at the Midcontinent Independent System Operator, a regional grid operator in 15 Midwestern states, said a lot of the above ground transmission lines “are very vulnerable” and more federal funding to protect them would be helpful.

“We've got hundreds of thousands of miles of transmission lines that are out in the middle of nowhere, and are carrying a great deal of power,” Lawhorn said at the meeting.

He said MISO has evaluated the possibility of burying the transmission lines underground, but currently this is a very expensive process. He said burying transmission lines should be further considered as a cybersecurity solution, and as more lines go underground, the costs will go down.

Bigger Access Footprint for Cyber Attacks

As the U.S. electricity grid becomes more decentralized—with distributed energy resources, like solar roof panels which generate electricity, connected to the grid—there are more vulnerabilities for cyber and physical attacks.

“The big concern in cyber is always your access footprint, that's one of the main considerations,” St. Michel said. “So as the end points push out into uncontrolled areas, and you have better and better communications to those end points, it increases the number of points with which somebody can access the system.“

He said some mitigations for this larger access footprint is to encrypt more data.

However, he said, “In the end, it’s impossible to defend everything, especially when you're gong to push out this digital boundary. The important piece is to understand what are important functions in your system. But also engineer those systems assuming that someone is going to get in.”

Private-Public Electricity Group

A positive example of industry and government working together to address cybersecurity on the national level has been made within the Electricity Sub-sector Coordination Council, which is made up of energy trade associations, energy companies, utilities, and regional grid operators. The council's goals are to improve the reliability and resilience of the electricity sub-sector, including physical and cyber security infrastructure and emergency preparedness of the nation’s electricity sub-sector.

“The [Energy] Department has really led the way in terms of critical infrastructure. The [council]—that the energy secretary helps drive—has been really invaluable in getting the industry very well positioned and we've made great strides in the last years,” David Brown, senior vice president of federal government affairs and public policy for Exelon Corp., said at the meeting.

The council was formed in 2013 and meets regularly with Energy Secretary Ernest Moniz and other DOE officials. Exelon Corp. is one of several large energy companies that are a member of the council.

Brown also said the energy industry has been working hard with the government to keep communications open, and to plan for contingencies if a cyber or physical attack occurs, including preparing for grid restoration and resiliency.

To contact the reporter on this story: Rebecca Kern in Washington at

To contact the editor responsible for this story: Larry Pearl at