ISO-NE and New England states discuss strategies for securing digital infrastructure
ISO New England recently hosted a meeting of New England state utility commissioners and staff to continue an ongoing dialogue on the importance of electric grid cybersecurity. All six state commissions were represented as well as the New England States Committee on Electricity.
ISO New England began the discussion with a broad overview of its physical and cyber security practices, highlighting the importance of restricting access to sensitive systems and its commitment to mandatory ongoing training for ISO staff.
The ISO presented an overview of the mandatory and enforceable Critical Infrastructure Protection (CIP) Standards—security standards developed by the North American Electric Reliability Corporation and approved by the Federal Energy Regulatory Commission (FERC). Federal regulators and industry stakeholders are already discussing the implementation of the fifth iteration of CIP standards (the first version of CIP standards was initially approved by FERC in 2007). ISO New England is recognized in the area of compliance with CIP standards and has acted as a resource to other companies seeking to navigate the CIP process.
Finally, the ISO reviewed a number of cybersecurity policies being debated in Washington, DC, including the ongoing implementation of the President’s executive order on cybersecurity released in February 2013. As directed by the executive order, the National Institute of Standards and Technology continues to lead an industry-inclusive process to develop a set of voluntary cybersecurity standards for owners and operators of critical digital infrastructure. As the new standards are developed, members of the ISO/RTO Council (including ISO New England) continue to caution against the creation of regulations that overlap or conflict with current NERC CIP standards (with which IRC members must comply).
Following those discussions, all six New England states provided individual updates on cybersecurity initiatives being undertaken at the state level. State activities include meeting with distribution-level utilities to discuss security practices, creating and updating response and recovery strategies, and continuing communication with federal agencies.
ISO New England will continue to work with state and federal officials, as well as regional stakeholders, to enhance regional cybersecurity practices.