Grid security falls to industry to self-regulate state news grade 6 electricity worksheets


“Basically, the attitude so far has been to let the market deal with it,” said Juliette Kayyem, a national security expert and former assistant secretary at Homeland Security under President Barack Obama. “But this is a national security imperative, which requires government resolve.”

Fears about cyber security have been stoked by recent claims that Russian hackers have been remotely targeting the U.S. grid, as part of what the Department of Homeland Security has described as a “multi-stage effort by the Russian government to target critical infrastructure.”

In Massachusetts, self-reporting rules agreed to by the state Department of Public Utilities and major utilities, require companies to notify the state about a cyber or physical attack “as soon as is practicable” and only if it resulted in a power outage or natural gas system interruption.

“Self regulation has proven to be a failure,” said Deidre Cummings, legislative director for the Massachusetts Public Interest Research Group, a consumer protection advocacy group. “Utilities should be required to disclose what they are doing in terms of cyber security, and state regulators and the public deserve to know immediately when there has been a breach.”

A spokeswoman for ISO New England, which operates the regional grid, declined to discuss specific hacking incidents or responses to cyber threats but said the nonprofit organization has spent more than $11 million on cyber security upgrades in the past five years.

“We have security measures such as redundant facilities, as well as other measures that follow industry best practices, and we are continually working to improve our security as cyber security threats evolve,” ISO spokeswoman Marcia Blomberg said in statement. “We monitor system conditions continuously, and we share information as needed with regulatory and industry bodies.”

National Grid, which serves about 1.3 million customers in Massachusetts, declined to say how much it is spending on cyber security or where the investments are being made, but points out that it must undergo a “rigorous security audit program” overseen by state and federal regulators.

“Our robust systems enable us to monitor, detect and protect our network to keep energy flowing,” the company said in a statement. “We work closely with government, industry partners and regulators to protect our network from current and future threats.”

The Federal Energy Regulatory Commission, which oversees the nation’s energy sector, is in the process of beefing up the mandatory reporting requirements for major electric and gas companies which is says “understate the true scope of cyber-related threats facing the grid.”

In 2015, Ukraine experienced an unprecedented cyberattack on its electric grid that led to widespread power outages, which it said was caused by Russia. The attack raised concerns about vulnerabilities in the U.S. grid system that could make it a victim of similar attacks.

Energy Secretary Rick Perry has proposed the creation of a new division within the federal agency to specifically deal with cyber security threats and President Trump’s budget proposal included $96 million in funding for the Office of Cybersecurity, Energy Security, and Emergency Response.

And Russian attempts to penetrate the grid were cited by the Trump administration as one of the reasons for imposing economic sanctions this month on the country, part of a sweeping new effort to punish Moscow for its attempts to interfere in the 2016 presidential election.