As CEO of the North American Electric Reliability Corporation (NERC), the organization charged with overseeing the reliability and security of the North American grid, I am deeply concerned about the shifting risk landscape facing the power industry. Conventional risks include randomized events such as extreme weather and equipment failures, while the emerging risks that could result from the intentional actions of unknown adversaries are asymmetrical and much less known. We are often left to imagine scenarios that might occur from such attacks and prepare to avoid or mitigate the consequences.
During the past few years, my Security 500 research has identified the move of business resilience under the security umbrella in many organizations. Business resilience is defined as business continuity, emergency management and disaster recovery.