US House Takes on Grid Security

Science Panel Discusses AI, Workforce Needs

The House SST Committee's Energy Subcommittee held hearings on grid modernization and cybersecurity last week.

Jul 21, 2019

Grid modernization and security were the focus of U.S. House committees as four bipartisan bills cleared one and a second held hearings on two proposals.

By Rich Heidorn Jr.

Grid modernization and security were the focus of two U.S. House of Representatives committees last week as four bipartisan bills cleared the Energy and Commerce Committee and a second panel held hearings on two other legislative proposals.

Grid Security — The House SST Committee’s Energy Subcommittee held hearings on grid modernization and cybersecurity last week.

On Wednesday, the Energy and Commerce Committee passed the following bills by voice votes, moving them to consideration by the full House:

The Enhancing Grid Security through Public-Private Partnerships Act (H.R. 359), introduced by Reps. Jerry McNerney (D-Calif.) and Bob Latta (R-Ohio), would direct the Department of Energy to encourage public-private partnerships to mitigate electric utilities’ physical and cybersecurity risks. The effort, in consultation with state regulators, industry and the Electric Reliability Organization, would promote the use of maturity models, self-assessments and auditing methods for measuring security, provide training to address supply chain risks, and encourage sharing of best practices and data collection.
The Cyber Sense Act of 2019 (H.R. 360), also introduced by Latta and McNerney, would require the secretary of energy to establish a program to identify cybersecure products for use in the bulk power system.
The Pipeline and LNG Facility Cybersecurity Preparedness Act (H.R. 370), introduced by Rep. Fred Upton (R-Mich.) — ranking member of the E&C Committee’s Energy Subcommittee — and Rep. David Loebsack (D-Iowa), would establish a program at DOE to improve the physical security, cybersecurity and resilience of natural gas transmission and distribution pipelines and LNG facilities.

The panel also approved a bill (H.R. 362) that would codify the role of Karen S. Evans, who was appointed in September as assistant secretary for DOE’s Office of Cybersecurity, Energy Security and Emergency Response.

Science, Space and Technology Committee

Evans was among the witnesses who testified Wednesday before the House Science, Space and Technology Committee’s Energy Subcommittee.

Subcommittee Chair Conor Lamb (D-Pa.) opened the hearing by touting two other pieces of legislation, the Grid Modernization Research and Development Act of 2019 — which calls for research on grid resilience, emergency response, modeling and visualization — and the Grid Cybersecurity Research and Development Act of 2019 (H.R. 4120), which would authorize a research and development program by the Department of Homeland Security, the National Institute for Standards and Technology (NIST), and the National Science Foundation to harden the grid from cyberattacks. The R&D program would include technical assistance, education and workforce programs. The bills will be introduced after the August recess.

Artificial Intelligence’s Role

Evans told the committee that DOE is seeking to spur innovation in big data and artificial intelligence, saying AI has a “critical role” in improving grid resilience. “We’re talking about … software-defined networks, autonomous solutions, really analyzing the data … to remove some of what is happening at a human level now that could be done by AI, by machine learning. That is the area that we are really exploring so that we can look at higher analysis of security, and also being able to model the resilience in real time.”

McNerney asked whether adversaries could use AI to attack the grid.

“For every great new innovation that we do … we also have to evaluate what are the potential risks associated with that and then engineer preventative solutions,” she responded. “We don’t want to stifle innovation. We want to take advantage of those things.”

Juan Torres, associate laboratory director for energy systems integration at the National Renewable Energy Laboratory, agreed.

“Just about any tool … can be used for good or for bad. That’s why it’s imperative for us to maintain that leadership in the advancements of these technologies so we are the ones using these for the right purpose and can actually deter any negative use or any attacks on these systems,” said Torres, who is also co-chair of DOE’s Grid Modernization Lab Consortium.

Torres said DOE is applying AI to four “foundational areas”: understanding complex systems theory; big data analytics; optimization to ensure distributed systems work together; and non-linear controls.

“What we’re seeing is with highly distributed systems, some of the linear control concepts that are used now on the grid may not apply in a highly decentralized type of system,” he said.

Wind, Solar Cybersecurity

Torres said DOE’s solar and wind technology offices are working with industry officials to identify the industry’s cybersecurity needs and those of distributed energy systems. DOE and the International Electrotechnical Commission on Wednesday hosted a cybersecurity workshop at the National Wind Technology Center at NREL’s Flatirons Campus in Boulder, Colo. “This event is bringing key government and industry players together for the first time to add the cybersecurity needs of the growing wind power industry,” he said.

AI would build on smart grid technologies that witness Katherine Hamilton, executive director of the Advanced Energy Management Alliance, said “have allowed the grid to operate more efficiently and with greater visibility.”

“The year of detective work necessary to determine that the Northeast blackout of 2003 was caused by a branch in Cleveland would no longer be the case thanks to these technologies,” she said.

Workforce Needs

The hearing also discussed the industry’s workforce needs. According to research funded by NIST, the U.S. has almost 716,000 people in the cybersecurity workforce and almost 314,000 job openings.

Hamilton said the workforce challenges extend beyond cybersecurity, noting that about 30% of utility employees and 40% of the industry’s engineers are millennials. “Millennials tend to change jobs faster than we’re used to in the utility workforce. You would start in the utility and retire in the utility. But people change jobs a lot faster and there are more types of jobs, so we need to find out what [kinds of] training are needed. … What are some of the skills that transfer really easily?

“In California right now, there are wildfires that are potentially going to cause public safety outages of 30 days or more … and there are not enough trained tree trimmers to do the work needed on vegetation management. You can’t send a kid out with a bushwhacker. These are really trained labor. So, there are a lot of job needs and opportunities, and there are people who don’t have jobs, and we need to somehow match those. So, bringing the public sector and the private sector together on that seems to me to be a good way to think about that.”

Hamilton said encouraging interest in STEM education and cybersecurity needs to begin in elementary school.

Kelly Speakes-Backman, Energy Storage Association

Witness Kelly Speakes-Backman, CEO of the Energy Storage Association, said she was glad her twin 15-year-old daughters were in the audience hearing the discussion. “Their high school has a program that is partnered with the U.S. Naval Academy specifically on cybersecurity, and I really want them to take it,” she said.

Torres said that in addition to sparking early interest in the STEM fields, industry and government should encourage mentoring to ensure a pipeline of future teachers and professors.

Hamilton said DOE and its National Labs also should be involved in encouraging what she called the “democratization” of innovation.

“Innovations are not limited to our labs, our universities or our utilities. They are everywhere. They are kids in basements playing with their apps,” she said. “So, trying to make sure that our research programs are able to connect the dots so that we can bring entrepreneurs to test and make sure that we have proof of concept [is important]. Because no utility is going to purchase a piece of equipment that was designed in somebody’s basement. They need to know that the Department of Energy and the National Labs have given it the seal of approval … by testing it and making sure that this all works.

“While part of that is about bringing new people into the industry — because there are so many new excited young people coming in — we also need to make sure that we then connect them to the programs that are existing to enrich the programs too,” she said.

A House subcommittee meeting last week heard testimony from (from left) Karen S. Evans, DOE; Juan Torres, National Renewable Energy Laboratory; Kelly Speakes-Backman, Energy Storage Association; and Katherine Hamilton, Advanced Energy Management Alliance.

Measuring Cost-effectiveness

Speakes-Backman, a former member of the Maryland Public Service Commission, had a different ask of DOE, saying it should help states develop ways to measure the cost-effectiveness of resilience measures. “This is an issue that I personally had after the derecho in 2011. Utilities can invest in reliability and there are metrics for that, but they cannot invest in resilience because there aren’t metrics for that to prove cost-effectiveness.”

FERC & Federal