APPA News

By Paul Ciampoli
APPA News Director
Posted October 16, 2018

A recent declaratory ruling and order issued by the Federal Communications Commission (FCC or Commission) that the FCC said could help to remove regulatory barriers that inhibit the deployment of infrastructure necessary for 5G and other advanced wireless services may also result in FCC pole attachment oversight and regulation of public power utilities, despite the explicit exemption for public power in Section 224 of the Communications Act.

By Susan Partain
APPA
Posted October 16, 2018

Keeping the electric grid secure takes commitment from many sources — utility staff and leaders, third-party vendors, and state and federal government. While technology plays a part, experts cite a variety of nontechnical factors that strengthen a utility’s cyber defenses.

By Peter Maloney
APPA
October 12, 2018

Distributed energy resources are coming, even though the regulatory and legal structures in wholesale power markets are still evolving, experts said at an American Public Power Association conference in Charleston, S.C., earlier this week.

By Peter Maloney
APPA
Posted October 12, 2018

Two regulatory and legislative issues stand out for the public power community out of a long list of pending issues, American Public Power Association officials told attendees at an Association conference in Charleston, S.C., on Oct. 9.

By Paul Ciampoli
APPA News Director
Posted October 9, 2018

The White House and the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response recently released their National Cyber Strategy.

By Paul Ciampoli
APPA News Director
Posted October 9, 2018

The American Public Power Association, the National Rural Electric Cooperative Association and Edison Electric Institute on Sept. 26 sent a letter to House Speaker Paul Ryan, R-Wis., urging him to bring to the House floor key energy grid security bills passed earlier this year by the House Energy and Commerce Committee.

By Nathan Mitchell
APPA
Posted October 9, 2018

Public power utilities would do well to leverage their collective partnership with the federal government to create a more resilient and secure electric grid that is prepared for cyber threats.

By Paul Ciampoli
APPA News Director
Posted October 9, 2018

All four of the Vogtle 3 & 4 project co-owners have voted to continue construction of the two new nuclear units near Waynesboro, Ga. The news was announced on Sept. 26.

APPA
Posted October 9, 2018

Anatomy of a cyber attack

  1. Reconnaissance – The threat actor uses the internet, social media, or other tools to discover likely courses of attack.
  2. Weaponization – Code and other tactics, techniques, and procedures are found or developed to exploit the target’s vulnerabilities.
    Delivery – Weaponized code is transmitted to the target.
  3. Exploitation and Installation – The attacker uses the tactics, techniques and procedures in the delivered code to dismantle or work around internal controls in the target to avoid detection.
  4. Command and Control – The attacker gained a form of control or remote access. This may include screen capture, malware execution, or spawning new virtual operating system environments.
  5. Execution – The objective of the attack is achieved. This can include extraction or destruction of IT and OT assets, installation of ransomware, IP theft, or other actions.

APPA
Posted October 9, 2018

8 steps to cyber readiness for public power

  1. Designate a cybersecurity lead. This person can help to establish cybersecurity protocols and manage information sharing.
  2. Assess your risk. Evaluate your utility’s cyber risks, vulnerabilities, resiliency, and capabilities with a tool such as the Public Power Cybersecurity Scorecard.
  3. Train staff. Anyone with access to the utility’s systems should be regularly trained — and get refreshers — on cyber threats and protocols.
  4. Educate local officials. Provide pre-incident outreach and education to local government officials.
  5. Monitor your networks. If you don’t have this capacity internally, look into appointing a third-party vendor to continuously scan your networks and alert you when action is required.Enroll in the Electricity Information Sharing and Analysis Center. The E-ISAC is a free service that keeps you alerted of threats and offers strategies to reduce vulnerabilities.Define an escalation protocol for cyber threats, including:
       >Levels of potential escalation.
       >Triggers for escalation.
       >When and how to notify and report threats.
       >When and how to involve top-level governance stakeholders.
       >How to report to state and federal government regulators and industry coordinating bodies.
       >What duties to delegate to staff.
  6. Report cyber threats appropriately. Let local government officials know about cyber threats and incidents without exposing sensitive information to other sources.