About this risk area
The North American Bulk Electric System (BES) is highly automated, with computers and cyber assets controlling most functions of the planning and operations of the grid. As a critical infrastructure, essential for day-to-day life, our sector must remain vigilant in eliminating vulnerabilities and defend against potential cyber-attacks.
New technologies also present new cyber security risks, as the operational and technological environment is evolving significantly, increasing the risk and complexity of the cyber landscape. As an example, distributed energy resources place computer-controlled inverters in fields and other open areas. Similarly, dynamic line rating sensors are located on the span of transmission lines to provide accurate, real-time data on the ability of the line to carry power. In both cases, devices can be physically accessed, creating an additional vulnerability.
Cyber security risks are addressed through the North American Electric Reliability Corporation (NERC) CIP Standards with oversight from our audit and enforcement teams. NERC is considering additional updates to these standards to address emerging risks like cloud computing. We strive to learn from other industries regarding risks and threats they have experienced, and we work collaboratively with industry to encourage not just good cyber hygiene, but also best practices for classifying and protecting their cyber assets. We publish a CIP Themes Report, highlighting the themes we have seen through self-reports and audit findings with the goal of sharing mitigations to address these risks.
We have experienced cybersecurity experts that consult with industry to mitigate this risk. We tackle cyber security topics in newsletter articles such as The Lighthouse, workshops and webinars, and our committee work. We can also help answer questions and provide training on supply chain management, recovery, digital forensics, information protection, patch management, access controls, and more. If you are interested in working with us on identifying and mitigating cyber security threats to the grid, consider joining our Critical Infrastructure Protection Committee (CIPC).
Explore additional cyber security resources below.