Power System Cyber security

thumb_9_power system cybersecurity.jpg

Jay Thakar

Carol Holahan, counsel in Foley Hoag’s Energy & Cleantech practice, was a guest on The POWER Podcast. Holahan advises large regional generators and other participants in the wholesale and retail competitive electricity markets on policy initiatives, changing environmental regulations, decommissioning and sale of plants, and matters pending before the Federal Energy Regulatory Commission (FERC).

Holahan explained some of the differences between natural gas pipeline and bulk power system cybersecurity requirements. Currently, the Transportation Security Administration (TSA) is responsible for oversight of the gas pipeline system. Holahan said the U.S. system comprises a 2.7 million-mile network. Yet, according to a letter written by two FERC commissioners last year, TSA has only six employees dedicated to pipeline oversight. Furthermore, TSA has no mandatory compliance or reporting requirements, and relies on companies basically self-reporting, especially with respect to cybersecurity events.

Oversight of the U.S. bulk power system is markedly different. It is mandatory and quite complicated, with FERC, the North American Electric Reliability Corp. (NERC), the Department of Homeland Security, and the Department of Energy (DOE) all involved in some aspect of oversight. The disparity between the requirements for gas and electric infrastructure, combined with a computer hacking event last year that affected multiple pipeline companies, led two FERC commissioners—one Democrat and one Republican—to write a joint letter urging the transfer of gas pipeline oversight to the DOE. To date, changes in the oversight structure are still being debated in Washington with no clear resolution in sight.

While cybersecurity is easy to neglect, he said a recent $10 million fine issued by NERC against an unnamed power company for alleged cybersecurity violations sent a very clear message to all U.S. utilities subject to NERC requirements: “If you had not been paying attention to cybersecurity to date, you better start.”

“I think it will be well worth watching what models FERC is going to approve that will allow these resources to participate without compromising price formation or market entry and exit signals.”

Contact Us


1C Satyam Appartment,
Above Trinetra,
Vishwas Colony,
Vadodara, Gujarat 390005