In a paper issued this week, the National Association of Regulatory Utility Commissioners (NARUC) cautioned that the move to a smart grid will increase cybersecurity vulnerabilities.
“We find ourselves at a critical juncture for infrastructure protection as the grid transitions from a previously isolated environment to a complexly interconnected one….Cybersecurity must encompass not only utility-owned systems, but some aspects of customer and third party components that interact with the grid, such as advanced meters and devices behind the meter”, the paper stressed.
NARUC advised state commissioners to work with utilities to increase their investment in cybersecurity protections for the smart grid.
“It may fall to regulators to ask questions of utilities to determine if there are [cybersecurity] gaps and facilitate action”, the NARUC paper said. “This may be the key role for commissions in cybersecurity. Commissioners do not need to become cyber industry authorities or enforcers, but asking a utility a question may motivate the development of a well-founded answer.”
The paper proposed a series of questions that state commissions should ask utilities regarding cybersecurity. These questions deal with ensuring utilities are planning cybersecurity investments with sound procurement strategies and implementing policies and personnel to deal with potential challenges.
“Regulators have to determine whether the amount being invested is insufficient or excessive and whether it is allocated appropriately”, the paper said. “Regulators must then help prioritize these investments along with all the other proposed spending that a utility proposes in a rate case. Regulators must keep the cost of electricity affordable for customers while asking utilities to spend more on cybersecurity in the face of increasing media attention on stories of cybersecurity threats and vulnerabilities.”