Utility Dive: Utilities to DOE - More Information, Not New Regulations, Needed to Secure the Grid

June 14, 2021
News Mentions
DOE
Cyber Security

By Robert Walton

The utility sector needs precise information about the federal government's equipment concerns and better visibility into manufacturing supply chains in order to keep the electric grid secure, several groups told the U.S. Department of Energy in June 7 comments responding to a call for cyber and supply chain security recommendations to secure the electric grid.

However, new regulations and security requirements are not necessary at this time, according to the Edison Electric Institute (EEI), which represents investor-owned electric utilities. That idea was echoed by other industry groups filing comments.

Utilities support development of a U.S.-based supply chain, to move away from Chinese grid equipment, but warn that such a move could cause a short-term rise in prices due to a lack of suppliers. Procurement of some large power transformers, EEI noted, "may primarily depend on a single country."

Utilities say they need clear direction from the government on any equipment bans, and help getting more information on what components make up the grid equipment in use. But they also warn that, at this point, new regulations could get in the way of making the grid more secure — and could even affect its operations.

"Many efficiencies can be gained in leveraging existing cyber and physical security and supply chain processes, as opposed to creating and imposing upon the industry a new set of processes that could disrupt existing measures to combat the threats or access to critical equipment," EEI said in its response to the request for information (RFI).

'SPILLOVER' EFFECTS ON RELIABILITY 

New directives from DOE, whether addressing supply chains or equipment in use, could affect the market for critical equipment and "have a spillover effect on the day-to-day grid reliability," EEI said, and "may increase the ultimate costs to electric customers."

Smaller utilities also questioned the need for new security requirements. The American Public Power Association (APPA) filed comments jointly with the Large Public Power Council, the National Rural Electric Cooperative Association and the Transmission Access Policy Study Group.

The groups urged DOE to "focus on the extent to which existing standards have been successfully implemented in the electric utility sector to help frame the scope for any new regulations." And if DOE sees risks that are not being addressed in the existing required supply chain standards, the agency should consult with the Federal Energy Regulatory Commission and/or the North American Electric Reliability Corp. (NERC), and "provide actionable information that can inform appropriate standard revision."

"It would be burdensome on utilities, in particular smaller entities like public power utilities and electric cooperatives, to require them to report on supply chain requirements to more than one federal regulator," APPA and the other groups said.

EEI also noted that NERC's critical infrastructure protection standards are relatively new, and consequently, additional requirements or standards at this point are premature. "Rather time for implementation and gap analysis is warranted to determine whether any changes or additions are needed," the group recommended.

The Nuclear Energy Institute, which advocates for the industry, told DOE, "we do not see the need for any additional assistance, security requirements, or procurement practices to be imposed on the commercial nuclear power fleet at this time." The group also said it does not see a need for DOE to issue any prohibition orders on "equipment or infrastructure associated with the commercial nuclear power fleet."

SUPPLY CHAIN VISIBILITY

Supply chain risks have come under heightened scrutiny since the SolarWinds hack. About 25% of power utilities were exposed to the software vulnerability, according to NERC.

Experts say modern software and equipment is made up of hundreds or even thousands of components which must be examined for vulnerabilities. EEI said its companies need specific details on any piece of equipment that DOE might flag for concern.

"The supply chain for electric power equipment is enormous ... and it is not the end-use electric companies who have information about what is inside those pieces of equipment or components," EEI said in its comments.

Utilities have tools to identify threats to the supply chain and electric grid, but EEI said "by definition, these are not all encompassing. Government has access to sensitive information that it should find ways to share so all affected stakeholders understand what equipment is of concern and why it is of concern."

The utility group encouraged DOE to "collaborate with and help electric companies by sharing this information and include other stakeholders who have the knowledge."

EEI also said the DOE could work with the National Institute of Standards and Technology to develop "consistent criteria" for a hardware and software bill of materials (SBOM). An SBOM indicates what components are in a piece of software, allowing utilities to track and patch vulnerabilities.

"Doing so would support standardization in these bill of materials, which would make the development and provision of such useful tools for the purposes of identifying provenance and the potential presence of any foreign ownership or control," EEI said.

President Joe Biden signed an executive order May 12 to improve the country's cyber defenses, and it required use of an SBOM in government procurements. EEI has been been collaborating with the federal government to pilot the use of SBOMs in energy sector procurements. 

The Electric Power Supply Association, which represents competitive providers,  said DOE could consider strengthening industry procurement efforts "by crafting standardized cybersecurity contract language and creating a whitelist of suppliers who manufacture component and subcomponent parts." 

FOREIGN OWNERSHIP

While DOE examines the potential of new security requirements, the RFI said the federal government expects utilities will "act in a way that minimizes the risk of installing electric equipment and programmable components that are subject to foreign adversaries’ ownership, control, or influence."

It's not that simple, warned utilities.

The concept of "foreign ownership, control, and influence” is "very broad," APPA told the agency.

"To the extent DOE moves in this direction, the industry would benefit from efforts by DOE and other government agencies to identify actionable information regarding threats from adversaries abroad," APPA said.

EEI said its companies need clear guidance on what specific factors — including location of manufacturing or level of equity ownership — would constitute "foreign ownership, control, and influence."

"Otherwise, procurement decisions cannot be made with certainty. For example, given the number of equipment suppliers that are publicly traded and the speed at which stocks change hands, electric companies could never be certain whether a supplier has foreign ownership," EEI said.

Read the original article here.

Previous
Back To News
Next
Public Power Leaders Attend LPPC’s Inaugural Members Conference
Broad coalition floats cost containment proposal as FERC eyes final grid rule
Groups Urge Inclusion of Cost Containment in FERC Tx Planning Rule
Energy Groups Press Regulators to Scrutinize Power Grid Costs
LPPC and Advocacy Groups Advance Transmission Planning Cost Management Proposal at FERC
LPPC Discusses Electrification at USEA's 2024 State of the Energy Industry Forum
PUF Covers LPPC Grid Reliability Event with Sen. Kevin Cramer
LPPC Hosts a Discussion on Reliability with Sen. Kevin Cramer (R-ND)
Where Community Matters Most
LPPC Announces Tom Falcone, CEO of LIPA, and Jackie Flowers, Director of Utilities at Tacoma Public Utilities, as New Chair and Vice Chair
Commentary: Look no further than Long Island for a case for public power
Navigating the Path to a Sustainable and Reliable Power Supply
Clearing the Path for Permitting Reform
Leading on Clean Energy Expansion
Fitch Says Deleveraging Era Over For Public Power Utilities
LPPC Welcomes Nashville Electric Service as Newest Member
IRS guidance on renewable tax credit transferability, direct-pay provisions of IRA, garners mixed reviews
Treasury Proposes Rules on Monetizing Energy Tax Credits
Domestic Content Rules for Direct Pay Continue to Lack Clarity and Certainty
President’s Post: Permitting Reform & Protecting Direct Pay Priorities as LPPC CEOs Meet with Members of Congress
US Releases Made-in-America Rules for Clean Energy Credits
LPPC Calls for Certainty and Clarity on Domestic Content Requirements
Can Utilities Rise To The Challenges Presented By Decarbonization?
Panel Debates Impact of Renewables, Electrification on Reliability
To Electrify America, Advance Permitting Reform
LPPC Discusses Pathways to Decarbonization at USEA’s 2023 State of the Energy Industry Forum
LPPC Discusses Clean Energy Tax Credits and Decarbonization with Bloomberg Government
LPPC Provides Comments to Treasury on Clean Energy Tax Credits
President's Post: Public Power CEOs and Federal Policymakers Convene at LPPC's Post-Election Forum
LPPC CEOs Present at the Public Power Community Forum
LPPC at National Clean Energy Week
LPPC Chair and Austin Energy General Manager, Jackie Sargent, Discusses Carbon-Free Goals and More on Grid Talk
U.S. public power sector tackles emerging ESG challenges, inflation
Chair’s Post: Embracing Diversity, Equity and Inclusion to Secure our Energy Future
LPPC Submits Comments to FERC on Transmission Planning
LPPC Leads Cross-Industry Push for E-Mobility
LPPC Members Fly In to Advocate for Public Power Communities
A Preview of Energy Transition Hopes and Hurdles for 2022
API Taps New Chief Lobbyist
LPPC Signs Joint Letter on Sequestration and Direct Subsidy Bonds
Joint Public Finance Network Letter to Congress In Support of Legislation In Response to COVID-19
Letter to Congress Regarding Near-Term for Customers and Communities in Response to COVID-19
LPPC Federal Reserve Municipal Liquidity Facility Letter
Joint Trades Community Owned Utility Direct Pay Letter
Letter to Treasury of Private Use
Letter to Treasury on Priority Guidance
GridWise Alliance and Grid Infrastructure Advisory Council Letter
Tulsa World: Utility Workers—A New, Unsung Hero Emerges During Times of Crisis
S&P Global: Municipal Utilities Call For Return Of Financial Tools To Get Through Pandemic
Morning Consult: Hidden Heroes Keeping The Lights On
Utility Dive: The (Energy) Efficient Road to Small Business Recovery
S&P Global: Public Power Utilities Say They Have 'Weathered' COVID-19 Storm; S&P Adds, 'So Far'
The Bond Buyer: Power Utilities Still Plan Capital Improvements
Morning Consult: Utilities Coalition Letter Rallies Congress to Include Support for Public Power in Coronavirus Stimulus
Morning Consult: Worldwide Denial-of-Service Cyberattacks on Utilities Up Five-Fold This Summer, Data Shows
Utility Dive: Public Power Leaders See Lasting Effects from 2020 Disruptions with New Approaches to Resilience, Equity
Public Utilities Fortnightly: Saluting the Workforce at Large Public Power Council; Conversation with LPPC president John Di Stasio
E&E News: Quest for 'Common Ground' Continues as Clock Ticks
POLITICO Morning Energy: Defending from Future Cyber Attacks
Agri-Pulse: Biden's Clean Power Target Poses Stiff Challenge for Some Rural Power Providers
PV Magazine: Sunrise Brief - Leaders Urge Support for Clean Energy Tax Breaks that Benefit Public Power
POLITICO: How Much Companies That Paid No Corporate Income Tax Spent on Lobbying
Utility Dive: Utilities to DOE - More Information, Not New Regulations, Needed to Secure the Grid
The Hill: Want a Clean Energy Future? Look to the Tax Code.
2022 Public Power Community Conference: Navigating an Industry in Transition
President’s Post: Fulfilling Our Mission to Benefit Public Power and America
Keeping America Powered: Meet Utility Workers Essential To Their Communities (Part 3)
Keeping America Powered: Meet Utility Workers Essential To Their Communities (Part 2)
Keeping America Powered: Meet Utility Workers Essential To Their Communities (Part 1)
Meet Our Essential Workers: Performing a Critical Role in Our Communities
E&E News: FERC unveils transmission plan seen as key for renewables
Canary Media: The US needs to build a bigger, stronger grid. FERC has a plan for that.
Austin Energy and LIPA Leaders Take the Reins at LPPC
LPPC Urges Congress to Consider Public Financing Tools in any COVID-19 Economic Stimulus Bill
LPPC Urges Congress to Support Public Power Communities
Large Public Power Council Chair and Vice-Chair Offer Insight on Response to the Coronavirus, Plans for Re-entry
LPPC Issues Statement on Clean Energy Innovation and Deployment Act of 2020
LPPC Calls on Congress to Prioritize Public Sector Infrastructure Investment
LPPC Issues Statement Regarding EPA’s Proposed Rulemaking on Mercury and Air Toxics Standards (MATS)
Large Public Power Council Welcomes Austin Energy General Manager Jackie Sargent as New Chair, Long Island Power Authority CEO Tom Falcone Elected Vice Chair
LPPC Issues Joint Statement Regarding FERC’s Proposed Rule on Transmission Planning