Complete Final Agenda for the Summit is available here.
Day 2
The DOE Keynote was delivered by David Turk, framing the challenges we face as the energy transition unfolds. Grid reliability and cybersecurity were top of the list. He was followed by other government officials describing activities the US Government is taking to support the energy industry with cybersecurity protections. I found the comments of Deputy Director Drenan Dudley, Office of the National Cyber Director, particularly interesting because of the ONCD’s role in driving the national cybersecurity strategy and implementation.
Sue Tierney then led a panel discussion on Grid Modernization. She was the perfect moderator for this discussion given her deep involvement in plans to address Gas-Electric harmonization and the need to address seams issues that were exposed by Winter Storm Uri, which killed over 200 people in Texas. Gene Rodrigues with the DOE Office of Electricity made the most compelling argument for why we need to address the energy transition challenges head-on, and the risk of extreme weather events.
Shalanda Baker with DOE led a panel discussion on Market solutions for the grid transition, which some are now calling “grid transformation”. Former FERC Commissioner Colette Honorable made the most compelling impression given her unique perspective, having previously served as a regulator at FERC and now working in the private sector at Exelon. The DOE has taken a significant step in 2023 by defining a formal set of grid services standards within NAESB, which may be transacted within energy markets. These formal grid service definitions and standards will enable the creation of precise contract language for DER participation in wholesale capacity markets and other energy markets, work that is currently underway in NAESB.
Lunch time offered an opportunity to engage with others. I met with colleagues from Hitachi who were instrumental in “pushing the needle” on the need for a trust anchor for the digital world in a 2021 discussion at the World Economic Forum in Davos. I expressed my belief that the Japanese vision of “Society 5.0” with cyber-physical fusion occurring all around us is a prime example of how the IETF SCITT initiative could be applied to establish a trust anchor/Trust Registry for Society 5.0. The Hitachi paper presented at Davos in 2021 is available through this article.
I met the guy working at California ISO who coined “the duck curve”, Clyde Loutan.
I also talked with colleagues working with DOE and NERC on the need to “speed up” cybersecurity best practices for the industry and provide cybersecurity protections for the entire electric grid, not just the BES.
The breakout sessions commenced after lunch and I had to choose the sessions to attend. I chose to attend the CISO-led panel discussion led by Brian Barrios at Southern California Edison, with leading CISOs from across the electric industry on the panel. One of the hot topics was the SEC Cybersecurity Regulations that went live in December 2023 and the SEC’s lawsuit against SolarWinds and its CISO Tim Brown. There was also a discussion of the expanding cyber-attack surface that comes with more DER in the energy transition. I was able to pose the question “Are the SEC Cybersecurity Regulations a net positive or net negative for CISOs?” The response was unanimous: a net positive. This was also the view of Joe Sullivan, Uber’s former CISO, who you can hear in this interview expressing the positive aspects of regulations that engage all of management.
This was followed by a session titled Principles for Cybersecurity Risk Management in the Energy Sector.
This panel addressed principles drafted by DOE CESER to guide the multiple, distinct partners that share risk in providing reliable power to the nation. Panelists came from the vendor community as well as standards development community. Brian Lyttle at INL presented the principles framework which contained significant alignment with existing best practices and guidelines from NIST and CISA. I didn’t sense any opposition to the framework from any of the panelists.
I was able to catch the final few minutes of How Artificial Intelligence May Help and Hinder the Secure Energy Transition, led by Andy Bochman at INL. This was a special moment for me as Andy and I have interacted for years online but never met face-to-face. I won’t provide any additional comment as Andy has already provided a concise view in this write-up, which I support and agree with.
There was a reception following the meetings with lots of discussion about the day’s events and topics and some good appetizers.
Day 3 started with a keynote from Anne Neuberger, Deputy National Security Advisor at the Office of the National Cyber Director (ONCD). Anne mentioned the need for greater visibility into the risk landscape in energy and expressed the need for more collaborative engagement on trustworthiness, mentioning the forthcoming Cyber Trust Mark. I was hoping to hear her “restaurant cleanliness score analogy” to describe the level of transparency that consumers deserve from the digital world of things, but that didn’t happen; not a problem since I’ve written in the past about her restaurant cleanliness score analogy as a means to rebalance cyber-risks.
A panel discussion on Cybersecurity’s Role in a Resilient Clean Energy Future was hosted by Lili Colon in place of Puesh Kumar, who was feeling under the weather. This cybersecurity leadership panel discussed challenges and opportunities for cyber and the clean energy transition. The single most encouraging aspect of this panel, to me, was the show of allegiance and commitment from DOE and CISA, two of the nation’s cybersecurity experts, to make a real difference in improving cybersecurity across the entire electric grid. CISA has demonstrated its ability to convene and foster public-private partnerships to produce effective outcomes, such as those the ICT SCRM Task Force has completed, and DOE has shown its commitment with its Energy Threat Analysis Center (ETAC), working in collaboration with CISA in applying NIST best practices for cybersecurity. This is the type of cross collaboration and public-private engagement we need to protect the entire electric grid, following the guidance of our cybersecurity experts.
Then it was my turn to be a panelist, with Patrick Miller moderating a session discussing the Role of Cyber Regulations and Standards for the Energy Transition. We discussed how cybersecurity standards and regulations must change to support the energy transition. I could easily write a long piece on everything that was discussed, but I’ll focus on the main messages. We must put our best cybersecurity players from NIST, CISA and DOE in charge of cybersecurity practices that can protect the entire electric grid. The current NERC process in responding to cybersecurity threats is too slow; NERC is working on a cybersecurity request that was submitted in 2016, and is still an open item in 2024. This is unacceptable; we need to adopt processes that can keep up with the pace of innovation and match the capabilities of the adversaries if we ever want to catch up and hope to get ahead of the hackers. The message from Alan Herd from FERC was most compelling; he stated clearly that FERC does not make standards, but looks to industry to provide standards and guidance for regulations. This led to a call to action to audience members to engage in the creation of cybersecurity standards and discussions in industry forums aimed at providing FERC with guidance, such as NAESB meetings and discussions taking place within the Energy Central community. We must eliminate the fear of regulatory reprisal when speaking the truth about cybersecurity. I mentioned the good work underway in Japan on “Society 5.0” to provide greater trust in the digital world that touches everyone’s lives as cyber-physical fusion picks up momentum.
I had several private conversations following the panel discussion on ideas to improve our approach to improving cybersecurity response and matching the pace of innovation that our very capable adversaries represent.
I had lunch with Mark Lauby from NERC, where I thanked him for all the good work NERC has done over the years to keep our Bulk Electric System (BES) reliable. In my opinion, NERC is the very best resource and most expert forum to address grid reliability challenges presented by the electromagnetic physics and forces that are always present, to create a reliable electric grid. I also pointed out that NERC has not had the same level of success with developing effective cybersecurity standards, which is tarnishing NERC’s stellar reputation and overall performance. NERC really shouldn’t have to take a black eye trying to grapple with cybersecurity challenges, which are very different from electromagnetic forces and weather disruptions. Cybersecurity has an active adversary that does not follow Maxwell’s equations or Kirchhoff’s laws. Cyber-criminals represent a whole different type of challenge that NERC is simply not equipped to confront. We need to put our best cybersecurity players (NIST, CISA and DOE) on the field to face the cybersecurity adversary, and let NERC focus on what it does best: wrangling the electromagnetic forces into a stable, reliable and resilient electric grid. There is more than enough work to do in this area given all the changes coming with the energy transition and DER deployment. NERC would do well by transferring cybersecurity standards responsibilities over to those that are best equipped to take on the cyber adversaries by having DOE, the Energy Sector Risk Management Agency (SRMA), take the lead on cybersecurity initiatives for the entire electric grid with help from NIST and CISA and NARUC. NERC should not have to take a black eye for cybersecurity, an area that is far outside of its power system engineering strike zone and expertise.
I wrapped up the day by attending the GMI planning session, which led to a round table discussion on risks to grid reliability and the astute observations of NERC citing energy policy as a top priority for grid reliability going forward in the 2023 ERO Reliability Risk Report.
I want to thank Energy Central for sponsoring my participation in the DOE Summit.