Reliability vs. Resilience: Why Safety Regulations Don’t Keep Us Safe in the Utilities Industry
Reliability means that the lights always come on when you throw the switch. Resilience is very different. Resilience means that the critical parts of our electrical supply system can mitigate, survive, and/or recover from high impact threats. The U.S. government has identified several high impact threats that can cause major long term blacks outs. They include large solar storms, cyber attacks, coordinated physical attacks, and elements of asymmetric warfare that can be employed by terrorist groups and rogue states like EMP and smaller scale tactics of electronic warfare.
The electrical utility industry does not have meaningful or enforceable safety standards for any of the above mentioned risks that amount to comprehensive mitigation. The U.S. military does defend its own assets as a matter of strategic defense but the military does not own the electric grid. To make matters worse, because of the interconnected nature of the power grid, it only takes a few companies to be poorly protected to expose large parts of the Nation to risks of power outages. Industry associations can point to a few big companies that have better security than most but they can never account for the interconnected layers of risks.
There have been efforts in Congress like the Critical Infrastructure Protection Act and the Shield Act to try correct such risks but neither Congress nor the utilities industry has shown the ability to keep pace with the threat environment. That is because, under current law, the electrical utility industry is still, in fact, self-regulating. Despite every other critical infrastructure being dependent on the U.S. electrical grid, the utilities industry does not have a safety regulating body with comparable rule making and enforcement powers as the FDA for food safety or the FAA for air travel.
As of September 2017, there has been NO legislation passed that requires hardening of the U.S. electric grid.