analytics, a secure supply chain, and redundant control centers. They observed, however, that all components of the control system must be built with high security, or the security of the entire system may be compromised. A number of workshop presentations that recapped ongoing efforts by NERC and the National Institute of Standards and Technology to develop a framework for supply chain security prompted some participants to conclude that while these efforts are beneficial overall, such efforts do not necessarily address how to identify key risk factors given a diverse set of system configurations.
• The workshop discussion of recent natural disasters such as Hurricanes Katrina and Sandy have exposed how crucial the electric power delivery system is for providing basic needs such as medical services and fuel. One participant suggested that understanding the threats posed by natural disasters and terrorist attacks requires a holistic view of risk assessment for both the grid and those sectors which rely on its services. Other participants noted that improving the resilience of critical service providers such as banks, gas stations, or hospitals may not fall directly within the electric power system’s purview, but such projects may prove too costly for many industries to undertake on their own.
• Numerous workshop participants expressed concern over the depth of technical expertise available to many regulatory bodies, particularly as it pertains to cybersecurity and the range technical challenges affecting the performance of the power grid have developed in recent years, and the pace at which they are appearing. They observed that, without clear metrics for cybersecurity, in particular, it is difficult for regulatory agencies to understand the types of risk associated with different configurations and architectures of control systems and the value of protective measures.