Cybersecurity threats can cause disruptions in the flow of power and other problems if malicious actors send computer signals to the electronic controls used in some electric generation and transmission infrastructure.
The electric power industry takes cybersecurity threats very seriously. Electric companies employ various strategies to protect the integrity of their computerized systems, but cybersecurity threats still exist. As the grid and, unfortunately, threats to its integrity, evolve, the industry recognizes that new authority is necessary to deal with some emergency cyber threats.
The Energy Policy Act of 2005 (EPAct 2005) mandated an Electric Reliability Organization (ERO), an independent, self-regulating entity that enforces mandatory electric reliability rules on all users, owners, and operators of the nation's transmission system. The Federal Energy Regulatory Commission (FERC) approved the North American Electric Reliability Corporation (NERC) as the ERO, which became operational in January 2007.
In 2008, FERC issued a final rule approving a set of mandatory NERC standards on critical infrastructure protection. The standards require users, owners, and operators of the nation's electricity grid to implement training, physical security, and asset recovery plans to protect against the threat of cyber attack.
EEI continues to work with a broad coalition of stakeholders to address outstanding electric industry cybersecurity issues.