Department of Energy Raises Concerns on Cybersecurity for Grid

January 2017

The U.S. Department of Energy has raised serious concerns regarding cybersecurity vulnerabilities within the U.S. energy grid in its Quadrennial Energy Review. Chapter IV of the Review (which begins on its 272nd page) “addresses a range of possible risks to the electricity system and the broader economy, and it suggests options to mitigate and prepare for these risks.”

The Review paints an ominous picture of the cybersecurity challenges on the horizon for those protecting the grid, stating:

In the current environment, the U.S. grid faces imminent danger from cyber attacks. Widespread disruption of electric service because of a transmission failure initiated by a cyber attack at various points of entry could undermine U.S. lifeline networks, critical defense infrastructure, and much of the economy; it could also endanger the health and safety of millions of citizens. Also, natural gas plays an increasingly important role as fuel for the Nation’s electricity system; a gas pipeline outage or malfunction due to a cyber attack could affect not only pipeline and related infrastructures, but also the reliability of the Nation’s electricity system.

(Emphasis added.)

Several recommendations are made to policymakers with respect to how means to address these challenges, including:

  • amendment to the Federal Power Act to “clarify and affirm the Department of Energy’s [] authority to develop preparation and response capabilities”;
  • collection of targeted data by DOE to report to the President concerning vulnerabilities and actions to be take in response to those vulnerabilities;
  • adoption by the Federal Energy Regulatory Commission of “standards requiring integrated electricity security planning on a regional basis” (to the extent consistent with statutory authority); and
  • assessment of natural gas infrastructure to determine if additional protections are needed.
In the words of the Report, the “era of enhanced grid operations through artificial intelligence is here.” However, proper execution using new technologies “must occur in a context that assiduously assures deflection of cyber attacks that could cripple grids; it must also occur through market mechanisms to help value and ensure cost-effective outcomes.” These statements make clear that U.S. regulators continue recognize both the vulnerabilities and critical nature of the energy grid. Those involved with energy grid management, or those with significant ties to or dependencies on related entities, should remain watchful of updates to cybersecurity threats and requirements.