The electricity ecosystem in North America is undergoing a rapid transformation in terms of resource mix, end-use loads, and the adoption of new technologies for grid control and operation. This grid transformation, combined with the convergence of information technology (IT) and operational technology (OT), business practices, communication networks, and system resources, is expanding the potential targets for attacks on the grid. Consequently, the US bulk power system (BPS) is facing a rapidly evolving threat landscape due to more and more sophisticated cyber-attacks. This calls for the need to fortify the resilience of the grid against potentially catastrophic impacts of the cyber security threats.

To address these challenges, the Electric Reliability Organisation (ERO) Enterprise, consisting of the North American Electric Reliability Corporation (NERC) and the six regional reliability entities, has recently published a white paper titled ‘Cyber-Informed Transmission Planning – Roadmap for Integrating Cyber Security into Transmission Planning Activities’. This document introduces a cyber-informed transmission planning framework (CITPF) and provides a roadmap for integration of cyber security into transmission planning activities.

CITPF proposes to incorporate cyber security threats, specifically coordinated attacks, into transmission planning studies conducted by transmission planners and planning coordinators. It will serve as a guide to drive investments in cyber security where necessary, and it can be utilised by various entities such as NERC, regional entities, industry stakeholders, regulators, and policymakers to conduct reliability studies. These studies aim to identify unacceptable risks to the BPS and recommend appropriate mitigations.

Moreover, the white paper delves into resilience measures that complement security controls by examining, identifying, and reducing the vulnerability of critical facilities to attacks. Several key focus areas crucial for integrating security concepts into transmission planning practices and processes are addressed in this white paper. These include aligning terminology and definitions across security and engineering disciplines, mapping cyber security threats, vulnerabilities, and impacts to conventional transmission planning contingency definitions, analysing the current state of cyber and physical security considerations in long-term planning studies, recommending enhancements to existing standards, introducing CITPF and its integration with transmission planning practices, and outlining a high-level roadmap for cyber security integration with long-term transmission planning practices.

ERO Enterprise proposes piloting CITPF in collaboration with industry stakeholders to demonstrate its value, gather insights for iterative improvement, and refine the framework. Based on the technical foundation provided in the white paper, recommendations will be made to modify NERC standards, to ensure that a broader range of reliability risks can be adequately mitigated through transmission network upgrades and additional cyber security controls. These recommendations will be further developed and refined based on lessons learnt from pilot projects conducted based on CITPF.

The white paper can be accessed here.