Now that Russia has apparently hacked America’s grid, shoring up security is more important than ever

If regulators blindly approve these rate hikes, it can be an abdication of their duties. If they reject them, utilities get penalized for shoring up their security and then lose an incentive to keep doing the right thing.

To err is human
Even though the idiosyncrasies of utility regulation make cyberdefense a more complicated issue than it might otherwise be, tools to manage this risk are available.

Mitigating the damage that human error can cause in response to malicious attacks, for example, may not demand any spending beyond what it costs to teach workers at utilities and their contractors to refrain from blindly opening perilous email attachments, the avenue into the electricity system used by hackers in the 2015 Ukraine attacks and in the system breaches the government recently disclosed.

Indeed, hackers delivered almost 94 percent of all malware in 2016 through email systems. Clearly, more widespread awareness of the need to keep an eye out for phishing attacks will help secure infrastructure.

Regulators have been studying strategies that might enhance cybersecurity. Standards are already in place in the U.S., Canada and part of Mexico for utilities to assess their capability to prevent or detect cyberattacks.

Preventative measures can include states adopting new regulations that protect utilities’ confidential information and doing more to train utility workers to spot and confront cybersecurity threats.

It’s also important that regulators recognize that securing systems is an ongoing process. It can never really end because as system security measures change, hackers devise new ways to circumvent them.

Grid resilience
Grid resilience strategies can help to maintain service regardless of the source of the outage. For example, many utilities have invested in “self-healing” systems that isolate glitches in the grid and quickly restore service amid outages.

Here’s an example of how that works. During Hurricane Matthew in Florida, in 2016, Florida Power and Light identified a threatened substation and isolated it from the rest of the grid. This measure protected its customers by ensuring that outages at that substation would not spread.

Utilities can also create microgrids, or portions of the grid that can be isolated from the rest of the system in the event of an attack. Most of these systems have been designed to improve resilience in the event of natural disasters and storm events. But they can help defend the grid against cyberattacks as well.

Public concerns over grid security are more justified than ever. But I believe that minimizing the risk of a catastrophic infrastructure attack is within reach. All it will take is for utilities to educate their workers on system security while the government updates its rules and practices – and for everyone involved to keep doing what they can to avert outages of all kinds and to restore power as quickly as possible when outages occur despite those efforts.

Theodore J. Kury is Director of Energy Studies, University of Florida. This article is published courtesy of The Conversation (under Creative Commons-Attribution / No derivative)