international

Black Sea Energy Regulators Tackle Cybersecurity Challenges

Black Sea Energy Regulators Tackle Cybersecurity Challenges

From November 30-December 1, 2016, USAID and NARUC conducted the very first technical workshop on cybersecurity for Black Sea electric utility regulators in Kyiv, Ukraine.

Commissioners and staff from regulatory agencies in Armenia, Georgia, Moldova and Ukraine convened with US and EU regulatory experts to discuss best practices and next steps necessary to prevent and mitigate cyberattacks, such as the December 2015 attack that targeted Ukraine, and to improve overall energy security across the entire region.

Action Steps Based on International Best Practices
Over the course of the two-day workshop, representatives from NARUC, the North American Electric Reliability Corporation (NERC), the Council of European Energy Regulators (CEER), the State Commissions of Washington (UTC) and Connecticut (PURA) and Iowa State University outlined the fundamentals and regulatory best practices of cybersecurity in the US and EU.

Based on international best practices presented at the workshop, Black Sea regulators specifically highlighted the following steps they would like to develop, including:

  • Development of an internal team to determine potential commission interests and activities in cybersecurity
  • Development of a Commission cybersecurity plan/strategy
  • Templates for developing questions for regulators to ask of utilities
  • Provision of further technical training resources and improvement of staff capabilities to investigatecybersecurity

NARUC’s Work on Cybersecurity
Through its Research Lab, NARUC has already conducted nearly 50 technical workshops across the US and internationally to train regulators on cybersecurity and to build regulatory cyber-strategies.

Specifically, NARUC has been instructing US Public Utility Commissions on the fundamentals of cybersecurity, as well as the risk management tools that can be used to face these emerging challenges. Topics have included:

  1. Encouraging utilities to take steps to protect the electric grid and work closely with the appropriate government agencies to prevent, detect and respond to cyber threats.
  2. Issuing regulatory compliance rules and allowing utilities to recover prudent and reasonable investment costs through rates and tariffs.
  3. Building and developing partnerships between public and private actors to tackle major cybersecurity issues.

With the support of USAID, NARUC is organizing activities that leverage the US regulatory experience to assist Black Sea regulators in understanding the dimensions of cybersecurity and in developing each Commission’s country-specific cybersecurity strategy.