Contact: Scott R. Bolden, sbolden@naruc.org

WASHINGTON (October 29, 2020) — The National Association of Regulatory Utility Commissioners Center for Partnerships & Innovation today announced the release of the Cybersecurity Tabletop Exercise Guide and Public Utility Commission Participation in GridEx V: A Case Study. These new publications highlight the need for public utility commissions and utilities to coordinate on cybersecurity preparedness efforts. Robust and well-established communication protocols between utilities and regulators can prevent cybersecurity incidents and accelerate the recovery process in the event of a cybersecurity attack on critical energy infrastructure. The tabletop exercise (TTX) guide and case study are useful for these purposes.

The Cybersecurity Tabletop Exercise Guide, one of five tools in the Cybersecurity Manual, provides public utility commissions and other stakeholders with step-by-step instructions to design, conduct, and evaluate a cybersecurity-focused TTX.  A TTX is a discussion-based exercise where partners gather around a conference table (or virtually) and work through a simulated incident to identify emergency response capabilities.  The guide includes customizable templates, so public utility commissions with little or no exercise experience can easily fill in the blanks to start these critical conversations. Over the next year, NARUC will partner with the Texas Public Utility Commission to pilot this technical guide's applicability.

“The Public Utility Commission of Texas welcomes the opportunity to take part in the NARUC Cybersecurity Tabletop Exercise Guide pilot program,” said Chuck Bondurant, director, Critical Infrastructure Security and Risk Management, Public Utility Commission of Texas. “Given the ever-present threat to critical infrastructure posed by cyberattack, we embrace the importance of not only overseeing Incident Response Plans for individual utilities, but also ensuring our own organization is fully synchronized with our local, state and federal counterparts to ensure the most effective response.”

Public Utility Commission Participation in GridEx V: A Case Study highlights the experiences of six public utility commissions (Alaska, Connecticut, Colorado, Florida, Idaho and Iowa) that participated in GridEx V. GridEx focuses on response and recovery from coordinated cyber and physical security incidents on the bulk power system. The case study explores the benefits that PUCs gained from participating, as well as challenges they faced while coordinating with utilities in simulated cyber and physical attacks.

“The GridEx exercise demonstrated that it is not enough to just rely on preparation to respond to a cyber incident. We must continuously test the resiliency of our cyber infrastructure to improve the effectiveness of how our grid responds to cyber challenges,” said Commissioner Andrews Giles Fay of the Florida Public Service Commission.

The two new publications are available on NARUC's website at http://bit.ly/CybersecurityTTX and http://bit.ly/GridExV.

###

 

About NARUC

NARUC is a non-profit organization founded in 1889 whose members include the governmental agencies that are engaged in the regulation of utilities and carriers in the fifty states, the District of Columbia, Puerto Rico and the Virgin Islands. NARUC's member agencies regulate telecommunications, energy, and water utilities. NARUC represents the interests of state public utility commissions before the three branches of the federal government. www.naruc.org

 

About NARUC Center for Partnerships and Innovation

The NARUC Center for Partnerships & Innovation (CPI) identifies emerging challenges and connects state commissions with expertise and strategies to navigate complex decision-making. CPI accomplishes this goal by building relationships, developing resources, and delivering training that provides answers to state commissions’ questions. www.naruc.org/cpi-1