ERRA Conference Speaker, Arthur H. House (Chief Cybersecurity Risk Officer of State of Connecticut, USA) answers ERRA’s question on cyber security
Question by ERRA: Power systems are becoming increasingly digitalized, with information technology having an increasingly important role in all segments of the value chain. Cyber protection of critical infrastructure is climbing towards the top of regulatory policy agenda. What are some of your key messages about the role of regulators in cyber security?
Answer by Mr. House: Regulators already have extremely demanding jobs requiring decisions that include law, public policy, engineering and finance in several public utility sectors. They cannot be experts in all of these fields, nor in the increasingly urgent area of cybersecurity. But modern life and national security depend on resilient critical infrastructure demanding the leadership of informed utilities and regulators.
Utilities are obligated to determine what is necessary to provide resilient services in a world of increasing cyber threats. They have the right to expect that regulators also understand those threats and are capable of deciding what protection and defense costs are fair and reasonable. As with law, engineering and finance, no regulator can be an expert in all these fields, but he or she must be able to review staff recommendations and render sound decisions. To the daunting job description of the modern utility regulator in modern times, basic knowledge of cybersecurity systems must be added.