|
submitted a draft standard,known as CIP-014,to FERC in 77 America,inject computer viruses into grid control systems,
<br /> days,which FERC subsequently approved.2 bomb transformers and substations,and knock out power
<br /> lines by the dozen.
<br /> Industry Action
<br /> APPA and its members continually seek to promote increased American Public Power Association Position
<br /> physical security in a variety of manners and forums: The Association supports the adoption by public power utilities
<br /> of appropriate physical-security measures that take into account
<br /> • The Association and its members are intimately involved the specific assets being secured.APPA also supports enhanced
<br /> in the Electric Subsector Coordinating Council(ESCC), dialogue between the industry and federal government on
<br /> one of the coordinating councils established in the National physical-security threats and potential remediation,but does not
<br /> Infrastructure Protection Plan(NIPP) to facilitate ongoing support federal mandates in this area at the distribution level
<br /> communication between the sector(or subsector)and its sec-
<br /> tor-specific federal agency,which in the case of the ESCC is because a"one-size-fits-all"approach would do little to secure
<br /> the Department of Energy(DOE).The ESCC,which meets those assets.In addition,the Association supports the FERC/
<br /> three times a year,is a venue for senior industry and govern- NERC relationship codified in FPA Section 215 and as used
<br /> ment officials to coordinate sector-wide policies and initia to craft a standard on electric utility physical security for the
<br /> tives to improve cyber and physical security and emergency bulk-power system.
<br /> preparedness.
<br /> • In September 2016,APPA released a guidebook,Physical American Public Power Association
<br /> Security Essentials:A Public Power Primer,to educate its Contacts
<br /> membership on security terms,concepts,risk analysis,infor- Amy Thomas,Government Relations Director,
<br /> mation sharing,incident response,drills,and exercises.The 202-467-2934/athomas@publicpower.org
<br /> guidebook features a security checklist that helps identify
<br /> and mitigate security gaps,as well as improve overall security Cory Toth,Government Relations Director,202-467-2939/
<br /> awareness. ctoth@publicpower.org
<br /> • The Association hosted two security-related tabletop exercises Nathan Mitchell,Sr.Director,Electric Reliability Standards and
<br /> in 2016.The first was held in June and featured a coordinat Security,202-467-2925/nmitchell@publicpower.org
<br /> ed cyber-attack scenario similar to the Ukraine-cyber attack Sam Rozenberg,Engineering Services Security Manager,
<br /> that occurred in late 2015.The second,held in October,was 202-467-2985/srozenberg@publicpower.org
<br /> intended to review,validate,and examine gaps in the Public
<br /> Power Mutual Aid Playbook(MAP),in a scenario of signif-
<br /> icant physical damage caused by an earthquake in the New
<br /> Madrid Seismic Zone.This tabletop exercise was funded in The American Public Power Association is the voice of
<br /> part by a grant awarded to APPA by DOE. not-for-profit,community-owned utilities that power
<br /> 2,000 towns and cities nationwide.We represent pub-
<br /> • On November 18-19,2015,APPA and other members of lic power before the federal government to protect the
<br /> the electric utility sector participated in the third bi-annual interests of the more than 49 million people that public
<br /> Grid Exercise(Grid Ex),a simulated combined cyber and power utilities serve,and the 93,000 people they em-
<br /> physical attack organized by NERC. Grid Ex III gave the ploy. Our association advocates and advises on electricity
<br /> 360 electric entities and government agencies participating
<br /> the opportunity to check the readiness and preparedness policy,technology,trends,training,and operations. Our
<br /> members strengthen their communities by providing
<br /> for cyber and physical attacks.These attacks caused utili- superior service,engaging citizens,and instilling pride in
<br /> ties to enact their crisis-response plans and"walk through" community-owned power.
<br /> internal security procedures.While the details of the exact
<br /> simulations are classified,press reports indicated that the
<br /> threat scenario included attempts to turn out the lights across
<br /> 2(See APPAs"Cybersecurity and the Electric Sector"issue brief for more infor-
<br /> mation about the FERC/NERC relationship,as codified in FPA Section 215.)
<br /> y4 PublicPower.org
<br /> 196
<br />
|