Maintaining Mission Critical Systems in a 24/7 Environment. Peter M. Curtis
Since 2000, production from coal‐fired plants has increased slightly, but electrical production by natural gas has increased by over 50%, and wind power has increased almost tenfold. Nuclear power also saw a slight increase through higher efficiencies at existing plants – no new nuclear power plants have come online in the U.S. since 1996.
Many different power plants operate in tandem to maintain power flows over regions spanning thousands of miles. Since “deregulation” the entire U.S. bulk electric power system is monitored and controlled (dispatched) by regional entities known as Independent System Operators. In principle, whole segments of the bulk electric power grid can be protected if transformers fail or lines go down so that failures can be isolated before they cascade to disrupt power supplies over much larger regions. The effectiveness of such failure isolation depends on the level of money spent improving electric grid infrastructure, which has been in decline for years as a consequence of electric industry deregulation. Where investments are made, monitoring is improved to adequately transfer power supply to loads through the distribution system, thereby bringing segments of the system back more quickly after an outage. Identical strategies of isolation and redundancy are used on private premises to make the supplies of power to critical loads absolutely assured, insulating those loads from problems that may affect the grid.
Switches control the flow of power throughout the grid, from the power plant down to the ultimate load. “Interties” between high‐voltage transmission lines in the top tiers allow even the very largest plants to supplement and back up each other. When power stops flowing through the bottom tiers of the public grid, ‘on premise’ generators are designed to start up automatically.
In defining priorities and designing new transmission and distribution, the collaboration between utilities and critical power customers is becoming increasingly important, most notably because power is essential for maintaining critical services for first responders: 911 call centers, air traffic control, wireline and wireless carriers, emergency response crews, hospitals, and data centers, among others. Critical facilities often have their own on‐site back‐up generators, and some, such as hospitals, are required by code to have them, so that utility power loss at any given time can be remedied rather promptly. However, owners and/or users of these critical facilities must provide adequate maintenance for the local generators and periodically exercise them under load to assure they operate properly and reliably when called upon. In addition, the facility must either tolerate or mitigate the initial power interruption from its onset until the back‐up generator successfully starts and is able to pick up the loads.
From even a cursory review of the challenges faced by today’s electrical grid, it is clear that a long‐term solution for our production, distribution, and security needs will require a synthesis of our modern digital, renewable, and power distribution technologies. The “Smart Grid” is one solution proposed to fit our needs. An initial step will be the introduction of “Smart Meters,” which will allow end‐users to closely monitor and control their energy usage, as well as sell back excess energy produced by on‐site renewable resources and generators. Such a digital system, when integrated on a large scale, will allow utilities to more efficiently produce power and provide it where it is needed, as well as help decrease the frequency and severity of outages.
Energy security has serious repercussions for mission critical facilities. If the power isn’t flowing, business comes to a screeching halt. While improving our energy security is a national/global imperative, facility owners and managers also have the obligation of taking steps to ensure the continued operation and success of their businesses. This may manifest itself in many different ways: through improving physical and cyber security, decreasing reliance on the electrical grid, improving employee training to decrease the occurrence of preventable service outages, and developing an effective disaster recovery plan.
2.2 Risks Related to Information Security
The security of all of these networks is the subject of urgent, on‐going assessment. Much of the analysis has been focused on physical and cyber security – protecting the physical structures themselves, or the computers that are used to control them. But their greatest vulnerability is the loss of power upon which every aspect of their control and operation ultimately depends. While the multiple layers of the utility’s critical infrastructure are highly interdependent, electric power is, more often than not, the prime mover – the key enabler of all the others.
However, in the past, the energy industry has not typically been focused on information security risks and has been even less concerned about privacy. Equipment failures due to information security vulnerabilities are not usually anticipated, and except for an acknowledgment of damage caused by data theft, the exploitation of those vulnerabilities is not usually seen as a likely cause of catastrophic events. The root cause of the August 2003 Northeast Blackout is listed as “Human decisions by various organizations, corporate and industry policy deficiencies, and inadequate management;” proper policies backed by strong information security measures are part of the solution, as are solid training programs that include refresher courses on emergency action, alarm response, and standard operating procedures.
According to the Federal Energy Regulatory Commission, both domestic and foreign hackers are now devoting considerable time and capital to mapping the technology infrastructures of companies. Exploring and mapping a network is work an intruder has to do whether the goal is to steal information, bring the network down, or corrupt data. Information security experts believe that this may be the cause of a few recent major blackouts.
Hackers are like digital spies with the ability to steal information or disrupt networks remotely. Officials need to be more aware of security breaches, as they are a national/global security issue. Intellectual capital and industrial secrets are at risk, and keeping the risks quiet only makes the situation worse. The private sector, which owns most information networks that operate power plants, dams, and other critical infrastructures, needs to do more to improve security and protect critical data. A cyber‐attack could disrupt critical operations and impact customers.
The Smart Grid, being a digital system, would be vulnerable to cyber‐attacks. The sector is evolving with the emergence of Smart Grids, which are connected to other systems such as SCADA and IoT. These systems require greater security monitoring since they are the entry point for cyber criminals. Together, Information Technology (IT), Operational Technology (OT) and the Internet‐of‐Things (IoT) are access gates for cyber criminals. Therefore, there is an urgent need for effective strategies to secure Smart Grids against cyber‐attacks. To address this hazard, recommendations have been made to build the Smart Grid from the ground up with security in mind. Some of the governing standards that address cyber security within the bulk electric power grid are the NERC suite of Critical Infrastructure Protection standards (CIP‐001 through ‐014) and the Smart Grid information security standards (IEEE 1686, P37.240, IEEE 1402, IEC‐61850). An intelligent system would be able to detect intrusions and bypass affected nodes to keep electricity flowing to consumers. This capacity to “heal” through the use of “smart” switches installed throughout the network would create a grid that is more resilient to deliberate attacks and natural disasters.
How do power outages relate to the level of reliability your company requires from an energy standpoint? Facilities can generally be classified by Tiers, with Tier I being the most basic, and Tier IV being the most reliable facility. Different tiers exist in large part because of maintainability, i.e., maintaining the facility without shutting it down. Tiers I and II must be shut down to perform maintenance; Tiers III and IV are deemed “concurrently maintainable.” Critical functions will usually require a facility in the Tier III to Tier IV range or utilize other strategies such as co‐location. Although rare, it is possible that critical business functions will be located in a Tier II or even a Tier I facility configuration, despite the fact that both lack full backup and redundancy support. This practice is not encouraged.