Cyber Security and the North American Electric Grid | Wilson Center
5th Floor, Woodrow Wilson Center

Cyber Security and the North American Electric Grid

On April 16, 2013, the Canada Institute hosted its fourteenth Cross-Border Forum on Energy Issues.  This year’s program, “Cyber Security and the North American Electric Grid” assembled key stakeholders, academics, and government policy makers for an off-the-record discussion on the vital but potentially vulnerable electric grid shared by Canada and the United States. The assembled participants concluded that despite decades of cooperation more must be done to confront emerging cyber security issues in the energy sector.

Government representatives, industry stakeholders, and independent experts are optimistic about Canada and the United States’ abilities to promote an infrastructure security dialogue and undertake joint approaches to tackle new challenges to the North American energy industry. However, companies and governments must change their mindsets if they are to meet the ever increasing threat that cyber attacks pose. Governments must incentivize companies to share threats and attacks and institute strict privacy controls on information received. For their part, private companies should trust that sharing information with the government will lead to more effective cyber security and should therefore share information as it becomes available. Thwarting cyber attacks demands communication and collaboration on three levels: between governments, within government, and between government and industry. The depth of communication between these levels must increase if we are to meet the threat that cyber attacks pose.

Participants noted that the North American electricity sector is currently the only critical infrastructure sector with mandatory and enforceable cyber security standards in place.  The organization responsible for developing these standards – the North American Electric Reliability Corporation (NERC) – is continually refining them, with the fifth iteration set for approval by regulatory authorities in the near future.  However, stakeholders acknowledge that no single standard or set of standards are adequate to fully guard against all potential cyber threats and that the industry’s defenses must keep pace with a continuously shifting threat environment.

As threats change and take on new forms, solutions must also be more adaptable in order to be relevant, responsive, and effective.  Although simulations are effective in helping to prepare responses to potential challenges, real-time solutions must take precedence.  Participants concluded that further joint action is needed to address challenges confronting the North American energy sector.  This collaboration will also ensure that the North American energy market remains reliable and strong.

Watch speaker Mark Fabro of Lofty Perch discuss cyber security.