Introduction. In this brief essay, we have two objectives: first, to provide a glimpse at the complexities that will be faced by electric power utilities, wholesale power generators, power grid operators and their customers if the North American electrical grid is the target of a systematic and combined physical and cyberattack that causes cascading outages, damage to hard-to-replace equipment, and results in months of degraded reliability in electricity delivery in one or more regions; and second, to explore some of the existing and emerging legal duties of electrical utility companies and other major enterprises of the bulk power system to avert, mitigate, and recover from damaging cyberattacks on the North American electrical grid.
This discussion is to provide background for a continuing legal education presentation on the subject and for a proposed project for development of a guide for electric bulk power utility and other corporate counsel to assist their clients in addressing their legal obligations to defend against, reasonably respond to, and recover from a damaging cyberattack on the grid, particularly one that could severely degrade the grid for a prolonged period and pose significant potential liability for utility and non-utility enterprises in that event. This essay will therefore attempt to give lawyers, who are experienced in cybersecurity and other cyberspace issues, a short introduction to some of the issues and complexities that we believe may arise if coordinated and systematic physical and cyber attacks on the bulk power grid occur and cause substantial longterm damage.
Please see full publication below for more information.