EPA’s Clean Power Plan and Energy Independence Usher in New Era of Cybersecurity Risks

Clean Energy Block Building Blocks

I had planned on discussing this topic at the 2015 Industrial Control System (ICS) Cyber Security Conference in Atlanta GA on October 29, 2015. However, I wasn't able to attend the meeting since I had a family emergency. I will post the presentation or talk shortly. Below is an abstract from my presentation.

Affordable, abundant, and environmentally preferable natural gas in North America together with EPA’s Clean Power Plan are unknowingly increasing risks on existing natural gas pipelines and gas-fired power generation. While Congress, FERC, EPA and stakeholders are focused on how the Clean Power Plan will affect electric reliability and costs, little attention is given to resiliency of the natural gas pipeline systems, the role they will play in the next 15 years, and who will bear the costs of maintaining resiliency and mitigating greater security risks.

Trends in the last 10 years show an electric power sector getting more “gassy”, at the expense of fuel diversification and other power fuels like coal, nuclear, fuel oil and biomass. National and state policies to promote renewable energy will place even greater reliance on gas-fired power generation that are integrating growing wind and solar generation in regional electric grids. When these trends are combined with aging natural gas pipeline systems, increases in physical accidents and cyber attacks on industrial control systems (ICS), the overall risks go well beyond gas pipelines and a gassy power sector and can affect natural gas and electricity markets. ICS owners and security providers must rethink their definition of “critical assets” and attempt to determine how resilient such assets are. The chronological age of the gas pipelines and the roles that they play in regional electric markets may dictate a more robust SCADA and physical security program expenditures then just increasing expenditures on cybersecurity. To achieve high levels of resiliency, ICS operators and security providers will also have to increase their efforts to integrate traditional IT security with physical security and ICS security as well as factor aging infrastructure into their risk assessments and mitigation plans.