Reliability vs. Resiliency: Why Safety Regulations Don’t Keep Us Safe in the Electrical Utility Industry
Reliability means that the lights always come on when you throw the switch. Resilience is very different. Resiliency means that the critical parts of our electrical supply system can mitigate, survive, and/or recover from high impact threats. The U.S. government has identified several high impact threats that can cause major long term blacks outs. They include large solar storms, cyber attacks, coordinated physical attacks, and elements of asymmetric warfare that can be employed by terrorist groups and rogue states like EMP and smaller scale tactics of electronic warfare.
The electrical utility industry does not have meaningful or enforceable safety standards for any of the above mentioned risks that amount to comprehensive mitigation. The U.S. military does defend its own assets as a matter of strategic defense but the military does not own the electric grid. To make matters worse, because of the interconnected nature of the power grid, it only takes a few companies to be poorly protected to expose large parts of the nation to risks of power outages. Industry associations can point to a few big companies that have better security than most but they can never account for the interconnected layers of risks.
There are efforts in Congress like the Critical Infrastructure Protection Act and the Shield Act to try correct such risks but neither Congress nor the electrical utility industry has shown the ability to keep pace with the threat environment. That is because, under current law, the electrical utility industry is still, de facto, self regulating. They do not have a safety regulating body with comparable rule making and enforcement powers as the FDA has for food safety or FAA for air travel.