The smart grid is ripe for some type of breach and state regulators said utilities should hike their investment in cyber security protections.
The National Association of Regulatory Utility Commissioners (NARUC) said the move to a smart grid will increase cyber security vulnerabilities.
“We find ourselves at a critical juncture for infrastructure protection as the grid transitions from a previously isolated environment to a complexly interconnected one. Cyber security must encompass not only utility-owned systems, but some aspects of customer and third party components that interact with the grid, such as advanced meters and devices behind the meter,” the organization said.
NARUC advised state commissioners to work with utilities to increase their investment in cyber security protections for the smart grid.
“It may fall to regulators to ask questions of utilities to determine if there are [cyber security] gaps and facilitate action,” NARUC said. “This may be the key role for commissions in cyber security. Commissioners do not need to become cyber industry authorities or enforcers, but asking a utility a question may motivate the development of a well-founded answer.”
NARUC proposed a series of questions that state commissions should ask utilities regarding cyber security. These questions deal with ensuring utilities are planning cyber security investments with sound procurement strategies and implementing policies and personnel to deal with potential challenges.
“Regulators have to determine whether the amount being invested is insufficient or excessive and whether it is allocated appropriately,” NARUC said. “Regulators must then help prioritize these investments along with all the other proposed spending that a utility proposes in a rate case. Regulators must keep the cost of electricity affordable for customers while asking utilities to spend more on cyber security in the face of increasing media attention on stories of cyber security threats and vulnerabilities.”