To Protect the Grid from Climate Physical Risks, Look to Cybersecurity’s Lessons

Posted to Idaho National Laboratory
Senior Grid Strategist, Idaho National Laboratory

Andrew Bochman provides guidance to senior U.S. and international government and industry leaders on energy sector security challenges and candidate solution approaches. A critical infrastructure...

May 26, 2021


Devastating events such as the terrorist attacks of 9/11 and the Great Northeast Blackout of 2003 led the US government to an increased focus on cybersecurity and to the development of the mandatory cybersecurity requirements for the bulk power system known as the NERC Critical Infrastructure Protection (CIP) standards. Immediately following the attack on the World Trade Center, the US government asked experts to explore other out-of-the-box means by which the country could be dealt a catastrophic blow by distant and relatively small groups of attackers. Several scenarios emerged, one of which was a coordinated cyberattack on the US electric grid. Forensics experts have determined that the massive 2003 Northeast blackout was initiated by a falling tree branch. However, grid managers’ responses were slowed by the presence of malware on their computers, prompting even greater concern at the Federal level. The Energy Policy Act of 2005 then set the wheels in motion for what would later become the mandatory reliability and CIP standards, both of which were developed in collaboration with industry and are enforced by the grid reliability overseer, NERC. From the initial attack to a codified and enforceable mitigation strategy took nearly a decade.

Today a new foe has surfaced, even as the first gains ground: climate change. Unprecedented heat, fire, floods, droughts and aquifer depletion, storms of increasing frequency and ferocity, higher air and water temperatures, and rising sea levels threaten generation, distribution, storage, and transmission assets. In 2020 a massive multi-state heat dome forced outages in California. Early 2021 saw another break in the polar vortex and a deep freeze in Texas, which begat prolonged power, natural gas, and water disruptions. The changing climate will continue to bring difficult-to-forecast physical impacts that stress unprepared grid infrastructure to failure. If there is anything positive about the arrival of this new threat category, it’s that some of the changes to policy and procedure being implemented to make us more resilient to cyber risks can be leveraged to mitigate the physical risks of climate change as well.

Lessons abound from the evolution of the NERC CIP standards and other grid cyber defense policies and best practices. And in ways similar to the NERC standards, in our recently published book Countering Cyber Sabotage, co-author Sarah Freeman and I document the value of prioritizing asset protections by consequence. Overall, three approaches stand out as particularly relevant for grid defenders who seek to be proactive against physical risks from climate change. They are: Organize, Prioritize, and Exercise.

Organize
The call to organize speaks to the benefits of governance structures calibrated to the most pressing current and emerging challenges, both within and outside an entity. It took a long time for large and medium-sized electric utilities to understand that having their most senior person in charge of cybersecurity positioned as a manager several rungs below the CIO was not getting leadership the necessary visibility or action. Today it is common for the head of cybersecurity, most often designated Chief Security Officer or Chief Information Security Officer, to report directly to the CEO. Climate risk issues, to the extent they are being addressed in a utility at all, are often handled in an ad hoc manner, with different groups in the utility taking independent, uncoordinated actions. Ensuring climate physical risk is in the portfolio of the Chief Risk Officer can shorten the climate risk communications paths to the CEO or the Board of Directors.

An additional benefit to creating a senior position (e.g., VP or higher of Climate Physical Risk) is that it sends a clear signal to regulators whose job it is to assess whether utilities in their jurisdiction understand the climate risk stakes and are updating their risk committees and reporting structures accordingly.

Federal or state government climate risk or resilience manager positions created specifically to address climate physical risk to utilities will encourage increased coordination with utilities’ risk officers. Continuing this restructuring beyond the electric sector is necessary as well, per risk analysis firm ICF in their recent report:

Coordinating grid investments with a local government’s plans for critical loads, such as water treatment facilities, will support optimizing the nature, amount, and timing of grid resilience projects.

Prioritize
One point that pops right out of Countering Cyber Sabotage and the Consequence-driven Cyber-informed Engineering methodology is that we cannot protect every asset equally well. To thwart the most destructive potential cyberattacks we must prioritize defensive efforts and investments based on the criticality of the assets in question and the critical functions they provide. Prioritization will likely prove to be even more important in the climate physical risk realm, where grid assets that support defense critical electric infrastructure (DCEI) and other national and economic security functions should get more attention than assets deemed less essential or disproportionately expensive to harden. There is much work to be done on this topic, and some of it is sure to be acrimonious, as there are winners and losers in every attempt at triage. Further scrutiny should be given to the downstream, cascading financial, security, transportation and public health impacts of sustained electrical outages that roil interdependent sectors like water treatment, fuels provision, and communications. Without robust, consequence-based frameworks for allocating finite funds, whether from government or rate-payer sources, and the material and human capital to install and operate protections, we are sure to fall short in attempts to meet some of the most important challenges of this decade and the ones to follow.

Exercise
One of the more valuable activities for grid cyber defenders in every role and at every level of maturity has been the development and evolution of national-level exercises like NERC’s biennial GridEx series, which is now preparing for its sixth iteration in late 2021. GridEx simulates escalating, highly disruptive cyberattacks on generation plants, substations and other grid assets, and challenges participants to coordinate their responses for maximal defensive effect. One aspect of the GridEx formula that is potentially relevant to climate physical risk is the GridEx executive tabletop. This full-day event brings together top US and Canadian utility executives, military and civilian government leadership, and representatives from other interdependent sectors to develop and practice command and control at the national level. Working through climate scenarios in tabletop format could help senior-level participants practice prioritizing critical protections in urgent circumstances, as well as coordinating with the regional owners and operators and balancing authorities affected by the scenario’s stressors. Lessons learned would then be shared in detailed after-action reports that inform regulator and utility policy updates and, combined with current real-world events, inform and evolve the gameplay of the next exercise.

What’s Next for the Grid

In the wake of Superstorm Sandy in 2012, then-Assistant Secretary of Defense for Mission Assurance and grid resilience guru Paul Stockton wrote a paper for grid defenders outlining lessons learned. They centered on the value of resilience and adaptation to a new but not yet fully acknowledged risk reality. An obverse approach holds merit as well: that by looking at how grid regulators, operators and defenders initially reacted to emerging cyber threats, we may find lessons to inform more-robust, proactive adaptations to present and looming climate physical risks to energy infrastructure.

Teaming with subject matter experts in academia and industry, my INL colleagues and I are developing guidance to help prioritize and better protect existing critical grid infrastructure elements, including all forms of generation and storage, substations, control centers, transmission and distribution assets, and natural gas pipelines. The team is also building a version 1.0 methodology for siting new electric infrastructure that accounts for climate physical risks, informed by national and economic consequence prioritization and cost-benefit analyses. The term being used for these efforts is Climate-informed Resilience Engineering, or CIRE (pronounced “Sire”).


For old-guard grid defenders, cyber and climate risks are relative newcomers to the all-hazards risk portfolios utilities and regulators have historically tracked. Most public utility commissioners and staff, insurers and re-insurers, and credit ratings firms are just beginning to understand the scale and the timing of these risks, as well as the efficacy of the engineered mitigations and protections we have at our disposal. There won’t be any declarations of victory in the campaigns against either cyber or climate physical risk; both are lasting and evolving wars. If defenders do their jobs well, however, we may be able to ward off the worst catastrophes. We may be able to limit damage to levels that allow the grid and the nation it propels to continue operating safely and with relative reliability as we move into an uncertain future.

I use the term grid defender broadly, to include policy, operations and technical personnel from all manner of organizations who work to keep the North American electric grid up and running and resilient in the face of all the hazards that assail it.

Resilient power: How utilities can identify and effectively prepare for increasing climate risks, ICF, March 2021.

Note: It’s important to remember that the infrastructure assets that support these crucial functions will also be facing their own climate physical risks, independent of the electric sector.
