Information technology has become an indispensable tool for efficiently and reliably operating the increasingly complex regional power system, administering the billion-dollar markets where wholesale electricity is bought and sold in New England, and engaging and collaborating with our stakeholders.
The US Department of Homeland Security reports that the energy sector has become a major target of cyberintrusion attempts. If a widespread cyberattack on generators succeeded in knocking out just 7% of units (about 50) across New England, New York, and other parts of the Northeast, it could leave over 90 million people without power and have an economic impact of over $200 billion, according to a 2015 report by Lloyd’s and the University of Cambridge Centre for Risk Studies. This is an unlikely, yet possible, scenario.
In light of these and other serious risks, the ISO is committed to making sure our systems remain secure. We’ve put in place comprehensive, round-the-clock protection against cyberthreats of all types. Here are a few examples of our recent and ongoing initiatives:
- To be able to detect, withstand, and recover from any cyberattacks, the ISO has implemented an extensive system of process controls, advanced detection and response systems, and redundancy in systems and control centers.
- Building on existing tools, we launched the 24/7 Security Operations Center in late 2015 to provide round-the-clock monitoring of the ISO network, and a 2017 project further tightened access to networked services and systems.
- We’ve tightened security controls for cyberassets and visitors to ISO facilities, in compliance with the North American Electric Reliability Corporation’s (NERC) revised critical infrastructure protection (CIP) cybersecurity standards.
- A new CIP and Systems Compliance Operations Group has been formed to, among other things, provide day-to-day support of infrastructure and cybersecurity compliance functions required by NERC CIP Version 5.
- In 2018, we’ll be further strengthening security controls for hardware, software, and services associated with system operations, in response to NERC standards for supply-chain management.
- The ISO participates in NERC’s GridEx exercises on cybersecurity and physical security. In 2017, more than 70 employees participated in GridEx IV.
- All ISO employees participate in annual cybersecurity training.
Read about how we’re using sophisticated systems to innovate for New England.