Critical Infrastructure Risk Assessments Need to Include Questions About Future Use
by Ernie Hayden MIPM CISSP GICSP(Gold) PSP
In the October 28, 2021, New York Times (paywall), the author, Ivan Penn, raised a major issue with the aging electric grid that struck me as a concern when doing critical infrastructure and key equipment (CIKR) risk assessments. Specifically, the problem at hand is that much of the electric equipment was installed in the grid decades ago and it cannot reliably accommodate new installations of solar panels or electric vehicle charging stations. Hence, any risk assessment should include questions about planning for system upgrades and improvements.
In my book Critical Infrastructure Risk Assessment – The Definitive Threat Identification and Threat Reduction Handbook (Rothstein) I include a detailed approach to assessing threats, vulnerabilities, and consequences that could negatively impact CIKR – which includes the electric grid. As observed in the NYT article, the assessments of key CIKR components and systems needs to include some tough questions about plans for system/component upgrades to accommodate the new clean energy.
Some excellent points raised in this NYT review should also be included when assessing the electric grid and supporting components such as generation, transmission, and distribution:
- Electricity now flows two ways with electric cars and solar panels powering houses and houses charging electric cars. Can your infrastructure manage this new flow model?
- Climate change is negatively impacting the electric grid. Rolling blackouts/brownouts are occurring during heat waves. Can your electric grid components safely accommodate these voltage swings?
- Rooftop solar panels on homes can produce more electricity than being used in the house and neighborhood where installed. This can overload electric transformers thus causing them to blow up or at least shut down. Are the current transformers designed to handle the new reverse current flows or at least the supply voltage from the solar panels?
- Are the transmission and distribution lines adequately sized now and, in the future, to handle such loads as electric vehicle charging? For example, can the local distribution lines and transformers accommodate the substantially increased current at the Hertz lots when they receive their new Tesla electric vehicles?
Finally, a fact raised in this article really raises awareness on risk assessment questions for a municipality. For instance, “…if all 330,000 households in San Jose, California, gave up using gasoline and natural gas and switched to electric cars, heat pumps, and electric water heaters and stoves, the city would use three times as much electricity as it does now.” Can the various systems, components, control devices, meters, etc. adapt to this new (and future) model of local electric use? Can these systems handle the new loads and their different time-of-day use reliably? These are important questions to raise in your risk analysis and subsequent planning.
Ernie Hayden, MIPM, CISSP, GICSP(Gold), PSP is a highly experienced and seasoned technical consultant, author, speaker, strategist and thought-leader with extensive experience in the power utility industry and critical infrastructure protection and risk assessment. Hayden is a certified physical and cyber security expert with specific expertise in industrial controls security.
Ernie is author of the new book, Critical Infrastructure Risk Assessment: The Definitive Threat Identification and Threat Reduction Handbook.
VOTED ASIS INTERNATIONAL SECURITY INDUSTRY BOOK OF THE YEAR!
Click HERE to receive a free chapter!
In this free chapter — The Power of the Observation — you will discover:
- An overview of the concept of an “observation.”
- The primary elements included in the observation as well as its format.
- Fundamental considerations when performing and documenting the observation including the power of one’s influence on the actions being observed, the need for critical thinking, and considerations on how the observation supports the risk assessment.
#erniehayden #criticalinfrastructure #infrastructure #riskassessment