February 7, 2018
By Blake Sobczak
A 20-year-old grid security program is getting a makeover to put murky cyberthreats into focus.
For it to succeed, the Electricity Information Sharing and Analysis Center (E-ISAC) is counting on the trust — and data — of power utilities at the front lines of the grid's cyberdefense.
The goal is to become "a necessary piece of any electric industry security program, both in cyber and physical," said Bill Lawrence, senior director of the E-ISAC at the North American Electric Reliability Corp., an industry-led group that manages electric reliability for the bulk power system in North America.
Kenneth Carnes, vice president and chief information security officer at the New York Power Authority (NYPA), said he's on board and expects an "open dialogue" with the new center.
"The best way for us to be prepared is not looking just within our scope of view with our blinders on; it's looking at what's happening in the threat space as a whole," he said.
The new pilot project with the U.S. public power industry is partly aimed at quelling those fears.
"I personally don't have any trust issues," said Michael Fish, senior director for enterprise cybersecurity at the Salt River Project, one of Arizona's biggest utilities. "But I would say that one of the benefits of having this program is to understand how the E-ISAC was actually set up. The more that people understand the separation [with NERC enforcement], I think they'll be more comfortable with information sharing."