Speakers and other participants discussed many interesting aspects of the committee’s results, what has changed in recent years, and how lessons learned about the grid’s resilience to terrorism could also be applied to threats from natural disasters. This chapter recaps points made by individuals at the workshop; none of the following statements should be construed as consensus findings, conclusions, or recommendations.
• Many workshop participants observed that Terrorism and the Electric Power Delivery System1 is still relevant, although various participants identified notable developments since the report was written including a growing sophistication of cyber-attacks, improvement in the availability of replacement transformers, increased recognition of the significance of several high-profile natural disasters, and increased use of intermittent renewable energy technologies.
• There have been several high-profile natural disasters since the report was published. Although the report was written to address resilience of the power grid to terrorism, many similarities with resilience to natural disasters were identified by workshop participants. As noted, the apparently increasing frequency and severity of natural disasters are a further reason that reducing the vulnerability of the grid will be beneficial.
• The risk of outages, whether from terrorism or natural causes, cannot be eliminated, but some participants suggested ways that their frequency, extent, and duration could be reduced by making the system more robust, and the effects of catastrophes mitigated by advance planning and preparation.
• Industry participants, notably, advanced the view that the vulnerability of large power transformers at substations is still a major concern. Some noted that the loss of even one at a substation could incapacitate the substation until a replacement could be supplied, which could take months. Participants identified progress made by the Department of Homeland Security toward a standardized design recovery transformer but continued to express concern about the issue, observing that advanced planning can significantly reduce recovery time following a terrorist attack or major disaster such as Hurricane Sandy.
• Some participants observed that improved instrumentation and controls over power flow on the grid could reduce the extent of outages as well as facilitate the integration of renewable energy sources.
• Cyberattacks have become more frequent and more sophisticated since the report was written, and some participants noted that, as control of the grid becomes increasingly dispersed, the ability to resist and respond to cyber threats could depend on an increasing use of real-time
1 National Research Council, 2012, Terrorism and the Electric Power Delivery System, The National Academies Press, Washington, D.C.
analytics, a secure supply chain, and redundant control centers. They observed, however, that all components of the control system must be built with high security, or the security of the entire system may be compromised. A number of workshop presentations that recapped ongoing efforts by NERC and the National Institute of Standards and Technology to develop a framework for supply chain security prompted some participants to conclude that while these efforts are beneficial overall, such efforts do not necessarily address how to identify key risk factors given a diverse set of system configurations.
• The workshop discussion of recent natural disasters such as Hurricanes Katrina and Sandy have exposed how crucial the electric power delivery system is for providing basic needs such as medical services and fuel. One participant suggested that understanding the threats posed by natural disasters and terrorist attacks requires a holistic view of risk assessment for both the grid and those sectors which rely on its services. Other participants noted that improving the resilience of critical service providers such as banks, gas stations, or hospitals may not fall directly within the electric power system’s purview, but such projects may prove too costly for many industries to undertake on their own.
• Numerous workshop participants expressed concern over the depth of technical expertise available to many regulatory bodies, particularly as it pertains to cybersecurity and the range technical challenges affecting the performance of the power grid have developed in recent years, and the pace at which they are appearing. They observed that, without clear metrics for cybersecurity, in particular, it is difficult for regulatory agencies to understand the types of risk associated with different configurations and architectures of control systems and the value of protective measures.