May 12, 2021 David Wagman

Following the cyberattack on the 5,500-mile-long Colonial pipeline, which delivers refined petroleum products to Eastern markets, Protect Our Power renewed its call for the Biden administration and Congress to make the security and resilience of the U.S. electric grid a top priority in pending infrastructure legislation.

“We’ve been warned repeatedly during the last several years by major U.S intelligence agencies that a crippling cyberattack on our critical infrastructure was not a question of if, but when,” said Jim Cunningham, executive director of the grid advocacy group. The group said that the Colonial pipeline cyberattack and last year’s SolarWinds attack, “makes it clear that our electric infrastructure is vulnerable” and in need of “significant” security upgrades.

The group pointed to the weather-related outages in Texas in February as an example of the financial and social costs that could result by losing power “even for a short period of time.”

The group has recommended that around $22 billion be provided over five years to:

• Provide funding to municipal power companies and rural electric utilities to offset the cost impact on consumers that would be incurred by dramatically improving grid resilience programs in the near term. $12 billion
• Build separate and more secure communications systems that control actual power system operations. $5 billion
• Upgrade the quality and availability of financial and intellectual resources needed by government officials and state regulators to conduct the prudent oversight necessary to assure reliable electric power distribution systems. $3 billion
• Provide funding for regional power grid operators to upgrade their systems to prevent, mitigate, and recover from cyberattacks. $1 billion
• Promote, facilitate, and provide incentives for developing a “Made in America” power industry supply chain. $500 million

Protect Our Power also suggested providing funding for programs such as testing centers to ensure the integrity of critical grid hardware and software components prior to installation, facilitate the rapid tech transfer of government-developed cyber protection technologies to electric utilities for commercial implementation, and to establish a supply chain protocol and provide seed money to create a quasi-governmental oversight entity to ensure that the products and services used to build and maintain a reliable electric grid and related systems are not intentionally infected by foreign suppliers.

pv magazine reported earlier this year that President Joe Biden said the government had elevated the status of cyber issues and was launching an “urgent initiative” to improve U.S. capability, readiness, and resilience in cyberspace. The earlier reporting said that solar energy systems of all sizes could pose a risk to the grid in much the same way that an attack on a conventional power plant could result in widespread blackouts.

The consequences of a cyberattack could be as minor as reducing a solar array’s power output, or as major as overloading a battery energy storage system to the point of failure. In a worst-case scenario, an intruder could initiate plausible, yet inappropriate commands that disable large portions of the grid.

Protect Our Power said it has worked since 2016 with key stakeholders, including power companies and federal and state officials, to drive needed physical and regulatory improvements and advocate for a national policy to address what it said is a “national threat.”