The Need for Enhanced Security Integration
by Ryan Quint, NERC, USA
The North American bulk power system is among the nation’s most critical infrastructures. Virtually every facet of modern society relies on safe, reliable, resilient, and secure electric energy delivery. The power grid is an extremely complex system of systems including generation, transmission, distribution, end-use loads, telecommunications networks, and a wide range of industry stakeholders.
The electricity sector is facing a rapid transformation driven by decarbonization, digitalization, and decentralization. Utility business models are evolving as quickly as the technologies surrounding them.
Multi-sector electrification is increasing the rate of load growth, interconnection queues are flooded with inverter-based variable energy resources, loads are increasingly connected to the Internet, and technological innovations such as cloud computing are changing how the modern power system is designed, controlled, and operated. In addition, the threat of cyber-attack by nation-states, terrorist groups, and cyber criminals is at an all-time high.
All these changes are occurring in a sector that is slow to adopt change, given the criticality of on-demand, highly available, reliable, and secure power.
NERC and the IEEE Power and Energy Society are teaming up to publish a technical report later this year introducing new ideas regarding security integration*. The goal is to improve the collaboration and coordination between engineering and security functions, focusing on ways in which these disciplines can work more closely together to mitigate the risks that security threats pose to reliable operation of the bulk power system. The report is intended to lay a foundation that provides a shared understanding of issues that affect every aspect of the electric industry, based on these five areas of focus
- Threats: Developing a mutual understanding of different types of security threats, their potential impact to grid reliability, and how those threats are analyzed and mitigated
- Planning Integration: Planning and building a more cyber-resilient bulk power system that is naturally less prone to the impacts of security threats and vulnerabilities
- Design Integration: Enhancing industry practices and capabilities to holistically integrate security controls more seamlessly in the operational technology environments ranging from control centers, generating assets, transmission and distribution systems, and end-use load and distributed energy resources (see Figure 1)
- Operations Integration: Improving operational preparedness and procedures that ensure reliable and resilient handling of security incidents by enhancing incident response, disaster recovery, and blackstart plans
- Emerging Technologies: Proactively considering both the engineering and security aspects of emerging technologies as they are integrated into the electric grid
Now, more than ever, with security as a key component to reliable operation of the bulk power system, it is crucial for the security and engineering disciplines within the electricity sector to become truly integrated.
This evolution will enable the utility industry to achieve greater agility in addressing the challenges upon us today and prepare us to address the challenges ahead.
Ryan Quint is the Director of Engineering and Security Integration at the North American Electric Reliability Corporation. He leads industry efforts focused on grid transformation, emerging technologies, inverter-based resources, distributed energy resources, and integrating security with conventional engineering practices. He has industry experience at Dominion Virginia Power and the Bonneville Power Administration, received his PhD from Virginia Tech, and is a registered professional engineer.