|
Action on electricity cybersecurity
An Alaska Railbelt working group progresses towards a set of standards for application in the regional electrical network
Alan Bailey Petroleum News
During an Oct. 24 public meeting of the Regulatory Commission of Alaska electricity utility executives reported on progress towards developing a set of cybersecurity standards for application in the Alaska Railbelt electrical system.
Cybersecurity, involving protection of computer and digital communications systems from malicious attacks involving the planting of malware in the systems, has become a very serious issue, given society’s increasing dependence on the use of computer-based data processing, automation and communication. And, in the electricity industry, a cyberattack has the potential to bring down all or part of an electricity supply network, with dire results.
The electricity utilities that operate in the Alaska Railbelt are well aware of cybersecurity risks and have been taking steps to guard against any malware attack. And for several years a group from the utilities has been working jointly on cybersecurity.
Railbelt reliability standards The RCA, as part of its interest in seeing a more unified approach to the operation of the Railbelt grid, has seen the implementation of a single enforced set of reliability standards for the entire grid as a critically important issue. The utilities have made considerable progress in unifying the standards that they use. But those standards do not yet incorporate cybersecurity. However, during the Oct. 24 public meeting utility executives told the commission that the cybersecurity working group anticipates completing a set of cybersecurity standards within a few months.
Jeff Myers, senior manager of information technology at Matanuska Electric Association, told the commission that the group had been engaging consultants to help with the development of standards. The group has been determining how to configure national cybersecurity standards, known as CIP standards, to fit into the Railbelt’s unique circumstances. In an August workshop the group developed a draft set of security criteria to apply to high voltage electrical generation and transmission in the Railbelt. And in an October workshop the group had used the CIP standards to develop a draft set of Alaska standards for this high voltage, so called “bulk,” system for the generation and regional transmission of power.
Steps to implementation Todd McCarty, senior manager for information technology at Chugach Electric Association, said that as a next step the operating committee for the Alaska Railbelt transmission system intertie is comparing the terminology used in the draft cybersecurity standards with the terminology used in a draft set of physical security standards for the system, to come up with a single glossary of terms. Then all of the utilities will review the standards, to assess the cost of compliance and the staffing implications.
Following a further review of the standards by the working group in November, the group will submit the draft standards to the Railbelt utility managers for review, with the expectation of final completion of the standards in February, McCarty said.
Distribution system security Commissioner Robert Pickett asked if any consideration is being given to cybersecurity for the local distribution aspects of the electrical system, rather than just the high voltage bulk generation and transmission system. With a plethora of new equipment, such as smart metering, coming into play, security of the distribution system is becoming an increasing concern, he suggested.
McCarty said that there has been much discussion on this topic. Even large utilities are trying to figure out how to deal with existing gear and how to make equipment secure, he said. Ed Jenkin, director of power delivery for Matanuska Electric Association, commented that there are components of the distribution networks that can impact overall system reliability. The standards development has focused on the higher-voltage system components, but there has been consideration of areas where it may be necessary to reach down into lower voltage components, Jenkin said.
Myers and McCarty also commented that the utilities have been implementing infrastructure security recommendations from the Federal Energy Regulatory Commission and the U.S. Department of Homeland Security. They also commented that, with cybersecurity being a moving target, as information technology and the nature of cyberattacks changes, it is necessary to remain agile in protecting the electrical systems.
Pickett suggested that cybersecurity considerations should potentially extend to issues involving third parties such as natural gas suppliers that are critically important to the reliability of Railbelt electricity supplies.
|
