One of the critical issues any energy plan for the Commonwealth of Virginia must address is the security and resilience of its energy grid.
Virginia occupies a significant position as a producer (electricity), consumer (high tech industries in Northern Virginia) and transit region (electricity and natural gas) of and for energy. What sets Virginia apart are the important military bases and other government facilities dependent on the security of energy grid to accomplish their national missions. The Commonwealth of Virginia, for those reasons, represents a target-rich environment for Russian and other hostile powers who may mount cyberwar attacks on the electrical grid. (WIRED magazine has documented the Russian threat in great detail.)
In the past, security for the grid was a matter of “guns, guards, and gates” to protect physical facilities controlled by a single entity.
21st-century power grids include electrical as well as gas pipeline grids. These operate more efficiently because of the role of IT technology. Cyber-based applications make the production of energy more efficient as well as allow “off-grid” renewable sources of energy to be integrated into the existing power grid. Here’s the vulnerability embodied in the technological progress: privately owned-technology shared among multiple producers and distributors increase the vulnerability of the grid to cyber-attack. As one of the major regulators of these grids, the Commonwealth has a responsibility to understand and protect these grids against cyber-attack.
But how? In the past year, George Mason University has hosted symposia on grid security, the resilience of physical infrastructure, and the energy-water nexus. It will also be hosting a major conference in the near future on Critical Infrastructure Resilience. From these meetings – and with the research underway throughout the university – we are building a framework for addressing the cyber-security threat. This will be based on enhanced communication, coordination and collaboration between government and energy producers and consumers to develop comprehensive cybersecurity measures.
As part of its 2018 Virginia Energy Plan, the Commonwealth needs to develop a robust cyber-security effort that addresses the Virginia-specific challenges in this regard. First, the Commonwealth should bring together public (including DOD) and private sector (power generating companies, consumers), and universities to identify a work program in this regard. Second, it must inventory the power grid infrastructure and potential vulnerabilities to cyber-attack as well as potential partners for thwarting such attacks. Third, the Commonwealth must develop a public diplomacy effort to inform and engage the general public on these important issues.