As CEO of the North American Electric Reliability Corporation (NERC), the organization charged with overseeing the reliability and security of the North American grid, I am deeply concerned about the shifting risk landscape facing the power industry. Conventional risks include randomized events such as extreme weather and equipment failures, while the emerging risks that could result from the intentional actions of unknown adversaries are asymmetrical and much less known. We are often left to imagine scenarios that might occur from such attacks and prepare to avoid or mitigate the consequences. In some cases, the consequences could be more severe than we have previously experienced from any past event, including Hurricane Katrina or the August 2003 Northeast Blackout. I am most concerned about coordinated physical and cyber attacks intended to disable elements of the power grid or deny electricity to specific customer facilities. These could include attacks to deny electricity service to government or business centers, military installations, or other critical infrastructures such as water, transportation, telecommunications and fuel supplies.
At the same time that we consider these new threats, it is incumbent upon policy-makers and industry to ensure we can continue to maintain affordability of the electricity supply that is the lifeblood of our economy in a competitive global market. Security at any cost is not a reasonable strategy nor is it in the best interest of the electricity customers who ultimately bear the cost of our North American electricity infrastructure. It is important to maintain a practical balance between addressing known, high-priority risks that can cause electrical outages on a regular basis and those that may seem to perhaps be more severe but rarely, if ever, happen.