Every second of every day, America’s electric companies are delivering energy to their customers that is reliable, affordable, safe, and increasingly clean. This energy drives our economy and enables our way of life, and providing reliable service is a responsibility electric companies take very seriously. This includes protecting the energy grid from cyber-attacks, which are increasing in frequency and sophistication. As these threats evolve, so, too, do our security strategies, which are closely coordinated with the federal government through a partnership called the Electricity Subsector Coordinating Council (ESCC).
The CEO-led ESCC serves as the principal liaison between the federal government and the electric power industry on grid security and resilience issues, coordinating with senior officials from across the federal government, including the White House, the Department of Energy (DOE), Department of Homeland Security, the Office of the Director of National Intelligence, and Defense, the Federal Energy Regulatory Commission, and the FBI. Together, they improve security through a host of initiatives that enhance how industry and government prepare for, and respond to, threats to critical infrastructure.
As cyber threats evolve, so, too, do our security strategies, which are closely coordinated with the federal government.
This partnership extends well beyond just cybersecurity. Edison Electric Institute’s (EEI’s) member companies and our government partners prepare to respond to all hazards, whether they be physical or cyber or naturally occurring or manmade. Since it would be impossible for companies to protect every asset from every threat all the time, we prioritize based on the likelihood and severity of a threat. We also focus on managing consequences by preparing to restore power quickly and safely regardless of why an outage occurred. As an industry, we know that the public depends on us to restore power as safely and quickly as possible when an incident occurs, and industry-government exercises regularly test our capabilities and response plans before they ever need to be put into action.
In addition to the ESCC’s activities, EEI members coordinate closely with the public-sector offices dedicated to protecting critical infrastructure. Just like the private sector, our government partners are evolving in response to the dynamic threat environment we face today. In February, Secretary of Energy Rick Perry announced the creation of the new Office of Cybersecurity, Energy Security, and Emergency Response (CESER), to help the electric power industry better protect itself from future cyber-attacks and ensure a reliable supply of electricity for customers. The Department of Energy has been an important partner in helping industry prepare for and respond to incidents. EEI looks forward to continuing this partnership with DOE and working closely with Assistant Secretary Karen Evans and the new CESER office to continue this important mission.
The value of industry-government coordination cannot be overstated. Coordinating directly with the government allows EEI members to take a more comprehensive approach to identifying, assessing, and mitigating threats and suspicious activity. The government regularly provides classified briefings to system operators regarding the latest threats to the electric power industry. When companies receive actionable intelligence, they are able to take action to prevent or to mitigate future attacks.
The Cybersecurity Risk Information Sharing Program (CRISP) is a great example of a valuable technology that has resulted from this partnership, combining intelligence and analysis from the electric power industry, DOE, Pacific Northwest and Argonne National Laboratories, and the Electricity Information Sharing and Analysis Center (E-ISAC). More than 75% of U.S. electric customers are served by a company that has deployed CRISP, and this program will continue to grow as the information gleaned from its sensors and the associated analyses have proven extremely valuable to identifying and addressing security risks.
In February, Secretary Rick Perry announced the creation of the new Office of Cybersecurity, Energy Security, and Emergency Response to help the electric power industry better protect itself from future cyber-attacks.
The electric power industry invests more than $100 billion each year to make the energy grid stronger, smarter, cleaner, more dynamic, and more secure. These investments in smarter energy infrastructure help companies to better monitor their systems, and they provide the flexibility and resiliency needed to manage incidents in real time. The industry also focuses on workforce development to ensure that we have employees with the skills needed to respond to incidents.
Our industry’s new cyber mutual assistance (CMA) program is a great example of how the ESCC can drive initiatives that make the whole industry more secure. Building on our industry’s culture of mutual assistance, we established an industry-wide program that will help companies restore critical computer systems following significant cyber incidents. The program now offers resources from more than 145 electric and natural gas companies representing investor-owned electric companies, public power utilities, electric cooperatives, natural gas companies, regional transmission organizations and independent system operators, and Canadian electric companies. This network covers approximately 80% of U.S. electricity customers and roughly 75% of U.S. domestic natural gas customers.
In today’s dynamic threat environment, programs like CRISP and CMA are critical tools for the electric power industry to ensure our ability to provide reliable energy to customers. The energy grid is the backbone of the U.S. economy, and securing it is critical to the life, health and safety of all Americans. In the face of evolving threats, the industry will continue to invest in security, improve information sharing, further develop mutual assistance networks, and strengthen government and cross-sector partnerships.
Tom Kuhn is president of the Edison Electric Institute.