NARUC releases new publications on cybersecurity for utility commissioners

Published on November 02, 2020 by Dave Kovaleski

© Shutterstock

The National Association of Regulatory Utility Commissioners (NARUC) Center for Partnerships & Innovation issued new publications on the need for public utility commissions and utilities to coordinate on cybersecurity preparedness efforts.

The publications are called the Cybersecurity Tabletop Exercise Guide and Public Utility Commission Participation in GridEx V: A Case Study. The Cybersecurity Tabletop Exercise Guide provides public utility commissions and other stakeholders with step-by-step instructions to design, conduct, and evaluate a cybersecurity-focused TTX, an exercise where partners work through a simulated incident to identify emergency response capabilities. The guide includes customizable templates to easily start these critical conversations. Next year NARUC will partner with the Texas Public Utility Commission to pilot this technical guide’s applicability.

“The Public Utility Commission of Texas welcomes the opportunity to take part in the NARUC Cybersecurity Tabletop Exercise Guide pilot program,” Chuck Bondurant, director, Critical Infrastructure Security and Risk Management, Public Utility Commission of Texas, said. “Given the ever-present threat to critical infrastructure posed by cyberattack, we embrace the importance of not only overseeing Incident Response Plans for individual utilities but also ensuring our own organization is fully synchronized with our local, state and federal counterparts to ensure the most effective response.”

Public Utility Commission Participation in GridEx V: A Case Study highlights the experiences of six public utility commissions — Alaska, Connecticut, Colorado, Florida, Idaho, and Iowa — that participated in GridEx V. GridEx focuses on response and recovery from coordinated cyber and physical security incidents on the bulk power system. The case study explores the benefits and challenges that the PUCs encountered while coordinating with utilities in simulated cyber and physical attacks.

“The GridEx exercise demonstrated that it is not enough to just rely on preparation to respond to a cyber incident. We must continuously test the resiliency of our cyberinfrastructure to improve the effectiveness of how our grid responds to cyber challenges,” Commissioner Andrews Giles Fay of the Florida Public Service Commission said.