July 20, 2017

In a recent study of over 600 electric utility employers, 72% of professionals identified physical and cybersecurity as the most pressing issue for the sector in 2017. The study, published in State of the Electric Utility Industry 2017, was produced by Utility Dive.

Top 5 Issues for Utility Sector

The top five issues for the utility sector include physical and cyber grid security, distributed energy policy, rate design reform, ageing grid infrastructure, and reliable integra­tion of renewable and distributed energy resources.

Likewise, physical security and cybersecurity for utilities remain a top concern for the Federal Energy Regulatory Commission (FERC) and the North American Energy Regulatory Commission (NERC).

Security and Disturbance Threats to the Grid

There are several threats to the security of the electric grid. In addition to cybersecurity risks, intentional electromagnetic pulse (EMP) threats pose an ongoing challenge to electric utility grid reliability. In addition, the bulk-power system (BPS) can also be impacted by electromagnetic events, such as naturally-occurring geomagnetic experiences from solar storms and EMP attacks.

There is equipment designed to generate localized high-energy bursts designed to disrupt, damage or destroy electronics such as those found in control systems on the electric grid. EMPs can be generated by devices that range from small, battery-powered units to missiles equipped with nuclear warheads.

3 Effects of EMP Devices

In a recent report from Los Alamos National Laboratory, depending on the yield of the device and altitude of its detonation, EMP devices can generate three distinct and often devastating effects that impact different types of equipment:

  • E1: A short, high energy radio frequency-type that can destroy electronics
  • E2: A slightly longer burst that is similar to lightning
  • E3: An effect that generates electric currents in power lines and equipment which can damage or destroy equipment such as transformers

Any of these can cause voltage problems and instability on the electric grid, which could lead to wide-area blackouts, according to Cheryl LaFleur, Acting Chairman of the Federal Energy Regulatory Commission.


Not surprisingly, FERC has been active in discussions on EMP and GMD. “The risks posed by EMP and geomagnetic disturbances (GMD) events have been the subject of significant research and debate, as well as broad discussion among regulators, elected officials, industry, and other stakeholders about the appropriate steps to address these threats,” LaFleur says. The threats posed by electromagnetic events, particularly GMDs, have been a priority, she adds.

In 2014, FERC approved NERC’s Physical Security Reliability Standard (CIP-014-1). These NERC reliability standards require responsible entities to assess and mitigate vulnerabilities to critical transmission facilities through resiliency or security measures designed collectively to deter, detect, delay, assess, communicate, and respond to physical threats and vulnerabilities.

NERC Reliability Standards: The Power of Record Keeping and Resilience

FERC, NERC, and the industry have also dedicated significant attention to improving grid resilience as the foundation for grid reliability and maintaining a steady source of energy for millions.

Resilience efforts cover a range of actions that grid owners and operators can take to reduce the risk associated with the loss of individual or multiple assets and to improve recovery and restoration following such losses.

For example, the summer storm season is currently active in North America. The potential for disruption means electric utilities must make certain their NERC reliability programs are as detailed as possible. The NERC reliability programs must focus on data integrity and management in addition to a clear resolution process. Record-keeping is also of critical importance to bolstering resilience programs.

All electronic records related to NERC reliability standards should be integrated into a defensible compliance management system like AssurX. The system should capture and centralize all data related to measurement, training, maintenance and mitigation.


Threats to the bulk electric system can come from cyberattack or acts of nature. FERC and NERC are focused on improving grid resilience but expect operators to execute comprehensive compliance management plans to mitigate any disturbances. This includes implementing an integrated electronic record solution as part of a secure architecture.

When evaluating a document management system, ensure it is flexible, integrates with enterprise systems, is secure and also compliant with NERC reliability standards. Furthermore, it is critical to design and implement a dependable system that can control all existing data, while providing enough capabilities to meet future energy regulatory requirements.

AssurX White Paper: Leveraging a Culture of Compliance in the Utilities Industry

WHITE PAPER: The biggest challenges and requirements for achieving compliance in a new age of risk, constant change and regulation.