Phoenix Convention Center • Phoenix, Arizona

When Prevention andPreparation May Not be Enough:Resilience and Recovery for the

Electricity Sub-Sector

Operational Resilienceand Recovery

]

David BatzDirector, Cyber & Infrastructure Security

Edison Electric InstituteAugust 12, 2015

Energy Exchange: Federal Sustainability for the Next Decade

Edison Electric Institute

U.S. investor- owned electric companies

Our members:Represent 70% of US

Power IndustryProvide electricity for

220 million AmericansOperate in all 50 states

and DCEmploy more than

500,000 workers

Energy Exchange: Federal Sustainability for the Next Decade

• Engineered for fault tolerance• In the face of failure scenario:

RespondRestoreRecover

Bulk Electric System Resilience

4

Metcalf Incident April 16, 2013 WSJ 2/2014

Assault on California Power Station Raises Alarm on Potential for Terrorism

Sniper Attack On Calif. Power Station Raises Terrorism Fears

High-Powered Attack On PG&E Substation Raises Concerns About Combined Threats to Grid

U.S. Risks National Blackout from Small-Scale Attack

How Safe and Reliable is America’s Electric Grid?

Electric-Grid Attack Fuels Sniper-Versus-Hacker Debate

Power Grid Preparedness Falls Short, Report Says

Concern Over Power Grid Security Mounts in Congress

Energy Exchange: Federal Sustainability for the Next Decade

Bulk Electric System Resilience

• 500-230 kV• 345-161 kV• 345-138 kV• 345-115 kV• 230-138 kV• 230-115 kV• 230-069 kV• 138-069 kV

Spare Transformer

Equipment Program

Energy Exchange: Federal Sustainability for the Next Decade

International Resilience

• Voluntary Program• Provides access to transmission and

generation step-up (GSU) transformers and related equipment, including bushings, fans, and auxiliary components.

• An Online tool to– Communicate equipment needs– Identify points of contact for

equipment• Utility-to-Utility arrangements are made offline

Energy Exchange: Federal Sustainability for the Next Decade7

• Transformers and other critical, long lead-time equipment• Qualifying events like physical attacks, electromagnetic pulses,

solar storms, cyberattacks, earthquakes and severe weather events

• Industry-based initiative that plans to own and maintain equipment at secure, strategically located warehouses, and to offer additional logistics support to expedite equipment transportation to impacted sites. Grid Assurance will not be FERC-regulated, but plans to charge cost-based subscription fees, similar to FERC-regulated transmission, to facilitate subscribers’ ability to recover expenses.

Grid Assurance

Energy Exchange: Federal Sustainability for the Next Decade

EEI Threat Scenario Project

Energy Exchange: Federal Sustainability for the Next Decade

• Coordinated Cyber Attack• Advanced Persistent Threat • Disruption of Voice and Data Services • Coordinated Physical and Cyber Attack • Insider Sabotage • Pandemic• Supply Chain Disruption or Compromise • Catastrophic Human Error• Intentional Electromagnetic Interference• Distributed Denial of Service

Identification of Top Threats

Energy Exchange: Federal Sustainability for the Next Decade

Spectrum of Threat Actors• Nation States (and their surrogates)

• Sophisticated Terrorist Organizations (and their surrogates)•Mercenary Criminal Organizations

• Domestic Extremist Organizations (and their surrogates)• Elite Hacker Organizations• Co-opted Third Party Maintenance

Providers• Disgruntled Insiders

(as well as threat-specific variations of the above actors)

Energy Exchange: Federal Sustainability for the Next Decade

Your Turn: Questions

Energy Exchange: Federal Sustainability for the Next Decade12

Backup Slides

Energy Exchange: Federal Sustainability for the Next Decade

Industry-Government Organizational Structure

16 Critical Infrastructure Sectors & Sector-Specific Agencies

• Principal liaison between the electric power industry and the federal government

• Establishes dialogue between industry CEOs and senior administration officials

• Facilitates and supports the coordination of subsector-wide, policy-related activities designed to improve the resilience of the electricity sector

Areas of Focus:

Tools & Technology

Information Flow

Incident Response