Consultant chosen for cybersecurity review of Ky. cooperatives

FRANKFORT, Ky. (Aug. 21, 2013) – C.H. Guernsey & Co. has been selected to assess cybersecurity risks to Kentucky’s jurisdictional electric cooperatives and to review the plans in place to mitigate those risks, the Kentucky Public Service Commission (PSC) said today.

“Intrusions and disruptions from cyberspace are one of the greatest threats to our electric power grid,” PSC Chairman David Armstrong said. “This study will assist our smaller electric utilities in developing their defenses against this threat.”

The National Association of Utility Regulatory Commissioners (NARUC) selected the Kentucky PSC from a national pool of applicants to receive a grant that will fund the study.Guernsey will work with a group of electric distribution cooperatives to determine what risks they face, what protections are in place and what further steps are needed to protect their systems, particularly as the utilities adopt more advanced digital technologies.

The U.S. Department of Energy provided NARUC with the funds for the grant. NARUC is a nonprofit organization whose members include utility regulators from all 50 states, the District of Columbia, Puerto Rico and the Virgin Islands. It represents the interests of state utility regulators at the federal and international levels, works to improve the quality and effectiveness of state regulation and promotes policies that support reliable utility service at reasonable cost.

“State regulators will be facing important decisions as utilities seek cost recovery of their investments in cyber-secure infrastructure,” said NARUC Executive Director Charles Gray. “Utilities, therefore, must ensure they know their system’s vulnerabilities and make smart investments, because these costs will likely be borne by their ratepayers.”

Guernsey was selected by a committee of PSC employees and representatives of Kentucky’s jurisdictional electric cooperatives. The company, headquartered in Oklahoma City, has extensive experience working on cybersecurity issues with electric cooperatives.

The PSC has jurisdiction over the rates and services of 19 electric distribution cooperatives in Kentucky. Together, they serve about one-fourth of the state’s 2.3 million electric customers.

Between three and six of those cooperatives will participate in the Guernsey study. The final product of the study will be a report that assesses the cybersecurity risks to Kentucky electric cooperatives, identifies the best practices for mitigating those risks and recommends steps that the PSC should consider to assure that the cooperatives adequately protect their infrastructure.

Bill Corum, president of the Kentucky Association of Electric Cooperatives (KAEC), said the study will have far-reaching benefits.

“As Kentucky’s electric cooperatives work to modernize their infrastructure, the results of this study will assist them in protecting those investments from cyber-attacks,” he said. “The KAEC is happy to be working with the PSC and NARUC on this important project.”

PSC Chairman Armstrong emphasized that cybersecurity rests on cooperation.

“Because the electric grid is so interconnected, protecting it from disruptions must be a joint effort,” he said. “The PSC appreciates the willingness of Kentucky’s electric cooperatives to work with us to find the best ways to secure this vital infrastructure.”

The PSC is an independent agency attached for administrative purposes to the Energy and Environment Cabinet. It regulates more than 1,500 gas, water, sewer, electric and telecommunication utilities operating in Kentucky and has approximately 90 employees.