Trump's cybersecurity executive order calls for power grid assessment

Dive Brief:

President Donald Trump issued an executive order on cybersecurity outlining on Thursday, outlining a series of actions for federal agencies to strengthen protections for national cybersecurity, federal IT networks and critical infrastructure, including the power grid.
Under the order, Secretary of Energy Rick Perry and Secretary of Homeland Security John Kelly will work with state and local governments to assess gaps in power grid cybersecurity and the potential impacts of a prolonged power outage as the result of an attack.
The assessment will be delivered to the President within 90 days of the date of the order. While the United States utilities name cybersecurity as a top concern, they have so far escaped a successful major cyberattack.

Dive Insight:

The Trump Administration pledged to make cybersecurity a primary concern throughout his campaign, but was slow to deliver as he pushed through multiple orders rolling back former President Obama's key actions on energy, climate and healthcare.

But the order appears to address concerns held by utility officials, who have long worried about a massive blackout stemming from a cyberattack. A major in the Ukraine two years ago and a scare at a Vermont utility earlier this year highlighted additional concerns over the vulnerability of the grid to a major attack.

In Utility Dive's latest sector survey of more than 600 utility professionals, respondents named physical and cyber security the most pressing issue facing their companies today.

View the full list of utility concerns in the State of the Electric Utility report.

State of the Electric Utility 2017

According to a report from Lloyd's of London, a cyberattack on the U.S. grid could cost $1 trillion.

The North American Electric Reliability Corporation (NERC) ran a simulated attack on the U.S. grid in 2015, partnering the industry and government to determine how to improve responses in the event of a real attack. In August of 2016, researchers at the DOE's Idaho National Laboratory (INL) demanded new awareness for grid security as the rollout of smart grid technology raised the risk of cyber attacks.

"With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication," the researchers wrote.

The National Institute of Standards and Technology devised a framework for improving critical infrastructure cybersecurity, which include protections for the bulk electric systems.

Several utilities are working on in-house solutions and with consultancies to develop formal cybersecurity programs. A FirstEnergy spokesperson told Utility Dive after the Vermont scare that they had deflected a denial of service attack in 2015.

"Cyberattacks are not uncommon in our industry," FirstEnergy spokesperson Tricia Ingraham said. The company "actively monitors these attacks and we collaborate with government and industry organizations. We also remain involved in efforts to improve information sharing across these entities."