New England (and Connecticut in Particular) Showing PUC Leadership on Security

NARUC has been issuing cybersecurity guidance to the 50 US public utility commissions (PUCs) since 2010. And NASEO's been guiding other state government orgs.  California's PUC has been very active, showing leadership with its multiple publications on security and privacy. Until recently, PUC Texas had a true cybersecurity pro on staff.

But now I'm going to tell you about my part of the world: New England.  Last fall the organization that brings the six northeastern PUCs together, NECPUC, put out an RFP for security consulting for the six and some of their utilities. Won by EnergySec, I've heard only positive news about what that six month engagement has produced. In addition, the Massachusetts AG recently released an RFP seeking 3rd part evaluations of cybersecurity preparedness of the distribution companies serving the state.

Security at the Edge of the Grid

We used to be very concerned about traveling too close to the edge of the world, remember?  Then some smart math and science guys figured out, surprisingly, Earth has no edge, so we were free to move about about the globe.

Now as we approach the end of the beginning of the Smart Grid era, what began as an initiative to add visibility, flexibility, and yes, smarts all over the grid is now seeing change accelerate close to the points of consumption.

Of course, amid all the excitement about innovation in distributed generation, distribution automation, energy efficiency, demand management, microgrids, storage, etc., one could forget that there's some basic housekeeping to attend to in the categories of power regulation and security.

The former, which includes maintaining the quality of electricity and keeping dangerous phenomena like harmonics in check, has been the province of utilities and ISO/RTOs and that's not going to change.  Ever increasing percentages of distributed generation are, in anything, going to make utilities' capabilities in this area even more essential to safe and reliable power delivery.

The other housekeeping item, now that it's 2013/2014 and not 1963/1964, is that all the new edge devices have several attributes in common:

• They send, receive and store data
• They constrain access to their data and/or services to certain other systems
• They receive control signals, sometimes from humans (think: iPhone apps) and sometimes from other systems (think: Nest thermostats)

Of course this is an oversimplification, but astute readers will notice that the integrity of all of these activities depends entirely on capabilities from the security domain.  My job as part of Greentech Media's new Grid Edge Executive Council (see my humble logo above nestled among the titans) is to ensure less-than-sexy security attributes are baked into the functional requirements of all the new products that plan to participate in this edgy arena.

That way, when 2023/2024 arrives, we'll be powering our homes, businesses and country with power we can depend upon.