Journal of Critical Infrastructure Policy Volume 1, Number 2, Fall/Winter 2020 | Page 213

Electric Power Grid Disruptions : A Time Series Examination

connection to changes in demand loss by year . Notably , the number of outages lasting more than one day has decreased .

Physical

threats to the power grid are a concern . While reports of vandalism against the power grid are high , reported suspected cyber-attack activity was relatively low , as compared with other causes of power outages . Cyber-attacks could result in widespread loss of electrical services including long-duration , and largescale blackouts . It is important to note that the relatively small numbers of reported cyberattacks do not necessarily correlate with the overall level of cyber-attacks upon systems ; rather , they represent those cyber-attacks resulting in significant threat or power outage .

A greater reliance on digital computing and connectivity increases the visibility of today ’ s electric grid system ( National Conference on State Legislatures 2020 ). This new visibility increases the prospect of targeting from malign actors both inside and outside the country . Overall system reliability can be impaired by cyber-attacks on both the information and operational technology components supporting grid operations .

Utilities are routinely faced with new cyber-attack challenges and consequently maintain a set of best practices to keep systems secure and up to date . The increasing risk of cyber-attacks to the grid is related to several factors . Increasingly , systems may be controlled from remote locations and existing control systems may contain internet vulnerabilities . Potential risk also exists in the form of compromised supply chains . In June 2018 , the North American Transmission Forum ( NATF ) issued guidelines for member entities when contracting for vendor equipment and services . Selecting vendors and equipment that meets industry best practices can reduce vulnerabilities to cyberattack . However , due to interconnections among adjacent utilities and dependencies on vendor services , prudent procurement is beneficial but not a guarantor of adequate cyber protection .

Concern about electric utility underreporting of cyber incidents may have prompted FERC to issue an order in mid-year 2018 to strengthen the reporting of such incidents under the Critical Infrastructure Protection Act ( CIP ) reliability standards ( Cyber Security Incident Reporting Standards , July 19 , 2018 ). New standards requiring minimum information standards , deadlines and a requirement that reports be sent to the Department of Homeland Security will become effective on January 1 , 2121 ( Eke 2019 ).

Other information sources suggest that cyber-attack data is less forthcoming than one would expect . S & P Global ( 2020 ) in its report dated September 25 , 2020 , suggests that due to security risks , the FERC and NERC may prefer to keep cyber violation details concealed from a security risk perspective . Obviously , without adequate transparency in reporting cyber-related incidents , it will not be possible to ascertain the full scope of cyber-attack activity . This would compromise the safety and security of the grid , and would continue to impact grid safety metrics .

209