In collaboration with the White House, the Department of Homeland Security (DHS) and electric company senior executives, the Department of Energy (DOE) formally launched a new initiative to develop a more comprehensive and consistent approach to protecting the nation's electric grid. Called the Electric Sector Cybersecurity Risk Management Maturity Project, DOE is seeking to leverage private industry and public sector expertise to develop an adaptable and scaleable model for measuring current capabilities and analyzing gaps in cyber defenses. The model will be based on a cybersecurity risk management process guideline developed with public and industry input and finalized in October 2011.

In a statement accompanying the project launch, White House Cyber Security Coordinator Howard Schmidt commented, "This effort will be focused on performance-based strategies and concrete steps to measure progress of cyber security in the electric sector. It is important to understand the sector's strengths and remaining gaps across the grid to inform investment planning and research and development, and enhance our public-private partnership efforts."

A series of workshops with industry representatives is planned for the next several months to draft the maturity model. A pilot program to test the model's effectiveness and validate results is planned for late spring/early summer with about a dozen electric utilities and grid operators participating. Based on the results of the pilot program, a final risk management maturity model is expected to be made available to the entire electric sector late summer. Read more »

The commission seeking greater authority over the cybersecurity of the nation’s electric grid has security problems of its own. A recently released audit of Federal Energy Regulatory Commission’s (FERC) unclassified cybersecurity program by the Inspector General (IG) of the Department of Energy (DOE) has revealed much room for improvement. While acknowledging that the commission has improved since DOE’s FY2010 evaluation, the audit cited continued weaknesses related to timely remediation of software vulnerabilities, and failure to implement FERC’s own Vulnerability Management Program (VMP) as the reasons for its findings. 

The audit stated that “specifically, we noted that 32 of 70 vulnerabilities we identified were rated "high risk" by the vendor and/or the National Vulnerability Database sponsored by the Department of Homeland Security's National Cyber Security Division.” Nine of the issues identified impacted a  significant number of the 45 servers and/or 236 workstations tested, and were primarily associated with third-party productivity and internet applications.  “All of the "high risk" vulnerabilities identified were more than 30 days old, including 18 that were missing patches more than 1 year old. Furthermore, we identified several instances where the Commission was using software that was no longer supported by the vendor.”

While FERC budgeted approximately $3.8 million during fiscal 2011 to secure its information technology assets, FERC cited “budget and resource constraints” as the reason for not following its own VMP. In addition, FERC said that some patches were not instituted because of adverse operational impacts. 

The Department of Energy, in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation, has released a draft of the Electricity Sector Cybersecurity Risk Management Process (RMP) Guideline for public comment. The RMP Guideline was drafted by a joint public-private sector team that also included representatives from the Federal Energy Regulatory Commission, the Department of Homeland Security, and utilities. The initiative to develop the RMP Guideline is led by the Department’s Office of Electricity Delivery and Energy Reliability. Comments are by October 28, 2011 and can be made at: https://public.commentworks.com/CW_DOE_AWF/ Read more »

The preparation and response efforts of utilities to Hurricane Irene were commended by the Department of Energy in a commentary written by Patricia Hoffman, the Assistant Energy Secretary for the Office of Electricity Delivery and Energy Reliability. Hoffman expressed the Administration's gratitude for "the commitment and hard work of the utilities and the tens of thousands of workers" for their efforts to restore power to 5.5 million customers. "We want to thank the repair crews and support personnel for their continued commitment to work around the clock to restore everyone's power safely as soon as possible."

The Department of Energy has announced a $1.4 billion partial loan guarantee to support an initiative, Project Amp, that seeks to install of solar panels on industrial buildings across the country. The project plans to use the 733 megawatts(MW) of electricity generated from the panels to feed directly into the electric grid rather than powering the buildings where they are installed. The solar panels will go on 750 existing rooftops owned and managed by Prologis, and is expected to produce up to 1 million MW hours annually. NRG Energy is the lead investor in Phase 1 of the project that involves a 15.4 MW installation in Southern California, and the power from Phase 1 will be sold to Southern California Edison. Additional installations will be built in up to 28 states and the District of Columbia.

The White House is set to announce a number of public and private sector initiatives on Monday morning that are geared towards accelerating the modernization of the Nation’s electric infrastructure, bolstering electric-grid innovation, and advancing a clean energy economy. They include $250 million in Rural Utility Service (RUS) loans for smart-grid technology deployment, a private sector initiative to promote consumer-friendly tools for energy management and privacy, and the formation of a Renewable Energy Rapid Response Team which will be jointly led by the White House Council on Environmental Quality, the Department of the Interior, and the Department of Energy.

A report titled "A Policy Framework for the 21st Century Grid" by the National Science and Technology Council (NSTC) will also be released at today's event. This report will address steps the administration plans to take to meet it's goals of boosting the development and deployment of smart grid technologies, creation of standards and interoperability to drive innovation, improved grid security and resilience, and consumer-focused energy information access and engagement.

The announcement will be made at a meeting today scheduled for 10am ET. A webcast of the meeting will be available on the White House website. For more information, see this press release.

One of the biggest challenges facing the deployment of smart grids is inadequate consumer education, which is in some cases is worsened by "over-hyping" the benefits of the smart grid. This general consensus came from UTC Smart Grid Policy Summit, a two-day conference held this week in Washington, DC that featured panel discussions with key policy makers, regulators, utilities and industry associations. While the panels debated issues such as the role of state vs. federal regulators in setting smart grid policy and the pressures of cost-recovery, many of the panels often returned to the need for consumer awareness and trust. Opening Keynote Speaker, Joe Rigby, CEO and Chairman of PEPCO, addressed this concern by discussing his utility's successful pilot programs that were implemented in collaboration with state regulators and consumer groups and showed that consumers do respond positively to dynamic pricing. However, he did note that duplicating the results of a pilot in a larger territory roll-out was not easy. Read more »

The Department of Energy's Advanced Research Projects Agency-Energy (ARPA-E) has signed a partnership deal with Duke Energy and the Electric Power Research Institute (EPRI)to further the testing and deployment of ARPA-E funded projects which seek to boost the modernization and advancement of the electric grid.

The DOE press release states: "Through the Memorandum of Understanding (MOU), ARPA-E, Duke Energy, and EPRI will identify opportunities to expand cutting edge smart grid developments, grid-scale energy storage, power electronics, and energy efficient cooling technologies, among others. This new umbrella deal, which will allow for similar partnerships with other utilities, comes two months after ARPA-E announced six of its projects have secured more than $100 million in outside private capital investment."

The Department of Energy (DOE) has announced a collaborative grid cyber security initiative with the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corporation (NERC). Led by the DOE’s Office of Electric Delivery and Energy Reliability, the effort will also collaborate with public and private sector representatives including the NIST Smart Grid Interoperability Panel’s Cyber Security Working Group (CSWG) and the Federal Energy Regulatory Commission (FERC). Read more »

As utilities and other critical infrastructure industries (CIIs) move forward in the development and deployment of smart grids, marketing ploys that misrepresent their capabilities and needs have been implemented that are designed to skew both decision making and regulatory oversight. The marketing ploys ignore the fact that CIIs will ultimately choose to build their own networks or buy telecom services based upon technical requirements, costs and levels of service required. CIIs have and will continue to utilize others to provide telecom services for certain aspects of their operations and smart grid deployments based upon these criteria. For many of the reasons identified in UTC's new Information Bulletin, CIIs will meet their telecom needs by expanding their existing networks. As described in the Bulletin, the rhetoric which has been introduced into the marketplace tends to understate the real capabilities of utilities and other critical infrastructure industries and overstate the capabilities of others. UTC's new Information Bulletin has separated fact from fiction and can be found on the UTC website.