The United States Government Accountability Office (GAO) recently completed and published a study on electricity grid cybersecurity that concluded that the Department of Energy (DOE) needs to ensure its plans fully address risks to electricity distribution systems.

The GAO completed two prior studies of the generation and transmission functions of the electricity grid and found that they are increasingly vulnerable to cyber-attacks. The third function of the electricity grid is distribution, which was the subject matter of this study.

According to the study, the U.S. electricity grid distribution system, which comprise the conduits from electric companies to consumers, and which are regulated by states, “are increasingly at risk from cyber-attacks.” According to the study, “Distribution systems are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks.” Therefore, they can be attacked through “multiple techniques” which can potentially disrupt operations.

The DOE has developed plans for the national cybersecurity strategy for the electricity grid. According to GAO’s study, the DOE’s plans “do not fully address risks to the grid’s distribution systems.” The GAO “recommends that DOE more fully address risks to the grid’s distribution systems from cyberattacks—including their potential impact—in its plans to implement the national cybersecurity strategy.” The DOE agreed with the recommendation and provided information on two research projects that are designed to improve the cybersecurity of distribution systems.

There are several diagrams of the risks to distribution systems in the study which are quite chilling.  The study can be accessed here.

The Federal Aviation Administration (FAA) announced last week that it will be working with industry leaders and public stakeholders to develop a traffic management system for unmanned aircraft systems (UAS or drones). UAS traffic management (UTM) requires a framework for systems to safely operate multiple UAS at once. The FAA wants to first establish operating rules before industry service providers and operators would coordinate the execution of flights.

For example, operators want to use smart-phone applications to map routes for drone flights and to check flight restrictions. The FAA has been working on UTM for drones since about 2015, when it first partnered with the National Aeronautics and Space Administration (NASA).

In November 2020, the FAA conducted flight tests through its UTM pilot program in Virginia and is working on an implementation plan based on that research. However, industry stakeholders have asked for more information on the next steps, and it is uncertain whether the FAA’s plan will include performance goals and measures (which is not statutorily required).

The FAA says it will use results from the pilot program to assist it in creating its implementation plan. However, the industry has voiced concern about the limited release of information related to UTM technology.

The U.S. Government Accountability Office (GAO) is recommending that the FAA: (1) provide stakeholders with additional information on the timing and substance of UTM testing and implementation efforts via the FAA’s UTM website or other appropriate means, and (2) develop performance goals and measures for its UTM implementation plan. The Department of Transportation agreed with those recommendations.

With more available data from the FAA’s research in its pilot program, members of the UAS industry and public stakeholders will be able to better align their own activities with those of the FAA and make better decisions for UTM testing and implementation.