The Texas Public Utility Commission last week hired Securitas Critical Infrastructure Services (SCIS) as its cybersecurity monitor to develop an outreach program to promote better cyber and physical security for the state’s electricity industry.

SCIS will develop an outreach program to promote “collaborative discussion” on cyber and physical security between the PUC, ERCOT and utilities, municipalities and cooperatives that will be participating on a voluntary basis.

The company said it will use tabletop exercises, self-assessments and working groups “to promote a unified corporate culture dedicated to securing Texas’ power grids.”

“Dialogue, coordination and cooperation between the utilities will be managed by SCIS to continually identify vulnerabilities and security-improvement measures enterprise-wide,” it added.

The monitor’s hiring resulted from a pair of bills from last year’s state legislature. Senate Bill 64 established the cybersecurity coordination program, and SB 936 set up the cybersecurity monitor. The PUC in May adopted rules establishing the monitor and coordination program (49819). (See “New Rules Add Cybersecurity Monitor, Coordination Programs,” Texas Public Utility Commission Briefs: May 14, 2020.)

The state’s approximately 100 “monitored” utilities — including transmission and distribution companies, municipally owned utilities and electric cooperatives within ERCOT with transmission at 60 kV or higher — will contribute to the program through their administrative fee to ERCOT. Those outside the grid operator’s footprint, which encompasses almost 90% of the state’s grid, will pay a separate fee.

SCIS will first meet with the monitored utilities. After gathering industry market trends and insights, the company will establish baselines and best practices for comparing utilities, then capture cyber and physical security data through self-assessment questionnaires. It expects to conclude its work by November 2021.