What Resilience Professionals Need to Know: Protecting Critical Infrastructure – the Power Grid

By |2023-07-20T19:19:45+00:00March 14th, 2023|1 Comment

The nation’s power grid is among the most critical infrastructures, as it is used by virtually everybody, and its loss would be catastrophic.  This article examines the power grid, its risks and what is being done to ensure its continued operation, and guidelines for resilience professionals to keep their companies operational.

Just about everything people do requires electricity.  The news media regularly chronicle events that disrupt the power grid.  Stories about damage from severe storms, tornadoes, high winds, and earthquakes regularly appear. Add to that the disruptions caused by vehicular crashes into power poles, shutting down service.  In the past year the media has covered several incidents where vandals shot at and damaged power distribution stations using various weapons.  Situations not usually reported include damage to overhead wires from trees whose branches affect overhead power cables. And occasionally there is the report of an airplane crashing into large power distribution towers, carrying high-capacity cables.

While the U.S. power infrastructure, referred to as the power grid, is generally secure and disruptions are rare, the delivery of clean power is an essential output of the critical national infrastructure.  Energy production and delivery are among the 16 critical infrastructure elements that citizens depend on every day.  This article briefly examines the power grid, where risks exist, and what resilience professionals as well as individuals and businesses can do to protect that important resource.

The Grid

Generation and delivery of electrical power is handled in the private sector, with government agencies providing regulations and oversight to ensure that disruptions are minimal and can be quickly mitigated.  Think of the grid as several very large power companies, along with many smaller companies, all interconnected via a variety of connecting mechanisms that deliver power to consumers.

Operations centers at major locations across the country monitor power generation and power delivery and respond to any out-of-normal conditions.  Local electric companies manage the delivery of power to their communities, and are the people one can see on top of poles repairing transformers and cables.

The major power generation and delivery firms leverage their interconnection capabilities and reroute power by switching the flow of power to where it is most needed.  This can be for situations in which a major increase in power is needed, such as in the aftermath of a severe weather event or an earthquake.  It can also be used to provide more power in times of high demand, such as during summer months with increased use of air conditioning.

Regulating the Grid

The North American Electric Reliability Corporation (NERC, www.nerc.com) and its six regional entities provide broad oversight over the grid.  It provides standards for reliability of the bulk power system, gathers information on a variety of issues, coordinates incident management, enforces compliance with standards, gathers data on incidents for analysis, performs numerous analyses on power generation activities, and also supports the System Operator and Credential Maintenance Program to certify power system operators.

The U.S. Department of Energy (DOE, www.energy.gov) provides nationwide leadership for all kinds of power systems, including electricity, oil, petroleum, wind, geothermal, water, and nuclear power.  The agency delivers oversight, research and analysis, information sharing, emergency event coordination, and policymaking across all energy sectors.

Risks to the Grid

Resilience professionals will recognize many of the risks facing the national power infrastructure that have been noted in this article.  Most occur on the earth’s surface, but some can also occur outside the earth.  Solar storms can release an enormous amount of electromagnetic energy that, if it reaches the earth, can disrupt electrical systems and even the earth’s magnetic field.  A similar effect can be created by an electromagnetic pulse (EMP), a release of significant energy from a nuclear detonation in the earth’s atmosphere or other high energy release.  The pulse can damage electrical and electronic circuits, circuit boards, computer chips, and just about anything that generates or uses electricity. Such an event is often considered one of the most potentially disastrous to civilization.  Even the most seasoned resilience professionals may have a difficult time coping with such an event.

Perhaps the most significant threat to the grid today comes from cyberattacks that can shut down power systems and operations centers.  The Federal government has issued numerous Presidential Decision Directives (PDDs), standards, regulations, policies, frameworks and guidance on preparing for and responding to these attacks. Malware such as ransomware, phishing, DDOS (distributed denial of service) attacks and viruses are a constant threat to the national power infrastructure.  Coordinated attacks on power operations centers, power generation complexes or even substations can be as disastrous as an EMP event.  The many cybersecurity documents issued by government agencies clearly underscore the importance of cybersecurity programs to the power grid.  Resilience professionals should work closely with their cybersecurity colleagues in preparing for such events.

Preparing for Outages to the Power Grid

The use of backup power systems is a widely used strategy by resilience professionals to protect information systems when a power disruption occurs. These can include large diesel- or propane-power systems than can deliver power for hours and days, so long as fuel is replaced.  Other devices such as uninterruptible power systems (UPS), are regularly deployed in offices and data centers as well as residences to deliver short-term power, typically so that critical information systems can safely power down and data and systems can be backed up to a secure storage location.

Even with these remedies, a longer-term power outage, e.g., a week or month or longer, is likely to be a major concern for resilience professionals as such an event can be outside the capabilities of most emergency power systems.  This is where strategies to relocate critical systems and data, such as cloud-based services, must be developed and deployed.  Cloud storage and backup resources can be a life-saver in a power outage, so long as employees can access their resources outside where the power outage has occurred. Resilience professionals recognize the importance of remote working as another critically important strategy for dealing with power outages.

When considering the power grid, isolated outages as noted earlier can be mitigated by rerouting power elsewhere in the grid to where it can be used.  Major regional outages, such as those caused by a rash of severe winter storms across the country in 2022 and so far in 2023, resulted in power outages for tens of thousands of people.  Power restoration can take weeks and even months, presenting major challenges to resilience professionals.

Outside of major events that disrupt power, companies in the power grid continually monitor the health of the grid, and run a variety of diagnostic tests to check out any anomalies before they escalate.  Ongoing efforts ensure that nothing (such as tree limbs and branches) interferes with or damages power cables. Alternate power generation technologies, such as solar, wind and geothermal, are deployed by many power companies to supplement power generation using fossil fuel and nuclear power.  Resilience professionals are advised to contact their utility companies and discuss how those firms have prepared for power disruptions, and, more importantly, learn how businesses can better prepare for a loss of power.

Cyberattacks can be prevented and their severity mitigated if the right controls are in place. This is especially true for organizations engaged in the nation’s power infrastructure.  Compliance with cyber-specific policies and regulations is essential for protecting that infrastructure.  Close collaboration between cybersecurity and resilience teams is an essential strategy for responding to cyberattacks.

In short, the nation’s power infrastructure is generally strong and resilient, but many of the events seen on the media suggest that the grid is not as robust as might be believed.  Risks to the delivery of power are often exacerbated by the use of overhead delivery of power to businesses and communities.  Power poles can be damaged through a number of events, such as vehicular accidents or vandalism.  Further, the cost to move the thousands of miles of overhead wires underground would be enormously prohibitive from cost, time and environmental perspectives.  While many residential developments and business parks today have underground utilities, they are still connected to overhead distribution networks. These are important issues for resilience professionals.

Within the Federal government, various kinds of shielding have been developed and deployed to protect communications and power distribution infrastructures from electromagnetic pulses and other similar events.  These efforts are typically deployed to help the military and key government agencies continue to function, but regrettably, they are not available to the general public.  Similar options are worth investigating by resilience professionals, if possible.


This article has briefly examined the U.S. energy infrastructure, mostly the electric power grid and its risks, and discussed mitigation strategies that can help resilience professionals ensure that their organizations can respond to events that could disrupt the generation and delivery of power to their firms.

# # # #


Recommend0 recommendationsPublished in Physical Infrastructure

Share This Story, Choose Your Platform!

About the Author:

Paul Kirvan, FBCI, CISA, is an independent business resilience consultant, IT auditor, and technical writer with over 35 years of experience.  Mr. Kirvan is a Fellow of the Business Continuity Institute (FBCI), a Certified Information Systems Auditor (CISA) and a member of the Resilience Association.  www.resilienceassociation.org   [email protected]

One Comment

  1. Michael Prasad March 18, 2023 at 3:23 pm

    Please see our analysis re the ability for better disaster resilency of the power grid at https://medium.com/@bartondunant/are-we-overly-dependent-on-electricity-especially-during-disasters-1b6f293a5a3a

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.