Cybersecurity: Threats, Best Practices, and Improving the Regulatory Framework
Event Summary
Three quarters of utility executives in North America believe that a major cyber attack is likely to occur within the next five years. A recent survey of utility professionals found cyber and physical security to be the most pressing issues facing the industry.
Recall that a 2015 cyber attack on Ukraine’s power grid blacked out over 100 cities and towns. Closer to home, in 2017, hackers targeted critical energy infrastructure, breaching computer networks of various U.S. power plants, including the Wolf Creek nuclear station. More frequently, ransomware attacks are targeting the utility industry.
FERC, through two NOPRs, is exploring improvements to how RTOs/ISOs identify and plan for cyber attacks, as well as enhancing requirements for reporting attempted cyber attacks. Meanwhile, state policy makers and utility regulators are establishing their own cyber-related policies and requirements, exploring critical questions about risks and costs.
Please join us in exploring these timely and thorny issues as we examine current and future threats, as well as the emerging utility industry and regulatory best practices in confronting them.
Energy Policy Roundtable in the PJM Footprint #11
Presented by Raab Associates
FBI Keynote Address: Cyber Threats to Critical Infrastructure
- Special Agent Cerena Coughlin, FBI
Panel I: Emerging Industry Best Practices on Cybersecurity in the Utility (Electric and Gas) Industry
- Joseph McClelland, Director, Office of Energy Infrastructure Security, FERC
- Jonathon Monken, Senior Director of System Resilience, PJM
- Maggy Powell, Senior Manager, Real Time Systems Security, Exelon
- Dr. Erfan Ibrahim, Founder, The Bit Bazaar, LLC
- Steve Kunsman, Director Product Management & Applications, ABB Grid Automation
- Guest Moderator: William Hederman, Kleinman Center
Key Questions for this Panel:
- How should regulators, utilities, and other energy stakeholders prioritize cyber investments, and what are the relative roles of requirement vs. risk-based approaches?
- What are the likely costs, and how should those costs be recovered?
- What strategies and frameworks should FERC, NERC, and state PUCs put in place to facilitate cyber best practices, including continuous improvement?
Panel II: Improving the Regulatory Framework for Cybersecurity in the Utility Industry
- David Ortiz, Acting Director, Office of Electric Reliability, FERC
- Greg Witte, Senior Security Engineer, G2 (for NIST)
- Richard Mroz, Former President, NJ BPU
- Vinny Sakore, Chief Technology Officer, Net Diligence
Key Questions for this Panel:
- How should regulators, utilities, and other energy stakeholders prioritize cyber investments, and what are the relative roles of requirement vs. risk-based approaches?
- What are the likely costs, and how should those costs be recovered?
- What strategies and frameworks should FERC, NERC, and state PUCs put in place to facilitate cyber best practices, including continuous improvement?
Registration is required***. Rates are $100 for general registration and $50 for employees of Sponsoring Organizations, government or non-profit employees, students, retirees, & low-income individuals. Registration for Web-Streaming Only: $50 for non-Sponsors and Free for Sponsors.
Networking Reception (wine, beer, and food) following Roundtable.
***The Kleinman Center has a limited number of seats reserved for Penn colleagues and students. If you are a member of the Penn community and interested in attending, please contact Bill Cohen: cohenw@upenn.edu.