Mark Weatherford
Mark Weatherford

“There are known knowns; there are things we know that we know. There are known unknowns; that is to say, there are things that we now know we don't know. But there are also unknown unknowns; there are things we do not know we don't know.” 

— U.S. Secretary of Defense Donald Rumsfeld, Feb. 12, 2002

Unknown unknowns… What a strange, yet descriptive phrase. Unknown unknowns were one of the drivers that led to the report, “High-Impact, Low-Frequency Event Risk to the North American Bulk Power System,” following a North American Electric Reliability Corp. (NERC) and U.S. Department of Energy November 2009 Workshop.

High-impact, low-frequency (HILF) events are those kind of abnormal and extraordinary occurrences that have the potential to cause long-term, cataclysmic damage to the bulk electric system. They include things like coordinated cyberattacks, physical assaults or a mix of the two. They might take the form of extreme solar weather resulting in geomagnetic disturbances. They could see the high-altitude detonation of nuclear weapons or even become pandemic outbreaks.

Often called “the largest machine in the world,” the North American power grid is a vast accumulation of more than 5,000 generation facilities, 160,000 miles of high voltage transmission lines and 1,000,000 miles of distribution lines, delivering electricity to more than 334 million people.

With a real-time capacity of more than 4,119 billion kilowatt hours, consumers spend more than $365 billion per year for electricity.

Over the next 30 years, electricity demand in North America is anticipated to grow by approximately 40 percent, which will require an additional 258 gigawatts of total capacity. Not bad given that the electric telegraph was only invented in 1832 (thank you, Mr. Morse) and the installation of three-phase high voltage alternating current didn't happen until almost 60 years later.

Considering the importance of electricity to our 21st century society, it is the reliable generation and delivery of electric power that is unarguably the most influential factors to a sustainable population in North America. In fact, electricity is as important to modern civilization as water was to ancient Rome with one important exception – it is practically impossible to calculate our dependency on electricity as compared to the relationship of water in ancient civilizations.

It doesn't take a great imagination to realize that the loss of electricity over a wide enough geographical area measured in months (rather than hours or minutes) could result in unprecedented human suffering, economic devastation and profound gaps in national security. 

A grand tome like the High-Impact, Low-Frequency Event Risk to the North American Bulk Power System report is oftentimes delivered and begins to gather dust almost immediately.

That is not happening in this case because NERC's Electricity Sub-Sector Coordinating Council (ESCC) immediately went to work to develop a “Critical Infrastructure Strategic Roadmap” framework that specifically addresses the kind of severe impact risks identified in the HILF report. In a collaborative public/private partnership between NERC and the electric utility industry, a Coordinated Action Plan was drafted that identifies:

  1. four severe-impact scenarios;
  2. strategic initiatives to address those scenarios and;
  3. an action plan with key deliverables and milestones for achievement.

Typically, humans find cybersecurity risks harder to grasp and fully appreciate compared to physical threats. This is why the Coordinated Action Plan is so important. 

Due to increasing system complexity and reliance on internet (and wireless) connections to digital resources, there is the concomitant emergence of common IT vulnerabilities within the electric grid.

People seem to understand these risks when associated with more conventional IT systems, but making the abstraction to the industrial control systems that manage the electric grid seems to be a bigger leap of imagination. Because cyberattack vectors within the industrial control system environment are increasing through network intrusions, malicious code, the insider threat and a complex supply chain, both the uncertainty of the risk and the subsequent consequences are profound for the security of the grid.

The Critical Infrastructure Strategic Roadmap-Coordinated Action Plan will address a coordinated cyberattack that disrupts or impairs the integrity of multiple industrial control systems within the bulk electric system. 

In an environment where urgency is oftentimes a distraction and FUD (fear, uncertainty and doubt) prevails, this plan provides some much-needed focus for the electric industry.