Regulators Step Up for Grid’s Security
Dominic Saebeler is the Director of the Illinois Commerce Commission’s Office of Cybersecurity and Risk Management. He represents the ICC as a member of the Illinois Terrorism Task Force, its Committee on Critical Infrastructure, and as a member of NARUC’s Subcommittee on Critical Infrastructure. An attorney, his thirty-year career focuses on the intersection of technology, policy development, security, law, and business decisionmaking.
Wei Chen Lin is Policy Advisor in the Office of Cybersecurity and Risk Management at the ICC where he works closely with public and private entities to drive risk awareness, promote knowledge and best practice sharing, and encourage coordination, as well as design and participate in productive exercises. He is member of the Staff Subcommittee on Critical Infrastructure of NARUC and an editorial board member of the Critical Infrastructure Protection Review.
In Issue 6 of the NARUC Bulletin (March 20, 2019), Dominic Saebeler and Wei Chen Lin of the Illinois Commerce Commission's Office of Cybersecurity & Risk Management answered the question, "Is there a Role for PUCs in Cybersecurity Exercises?"
In tackling that question, they discussed designing and facilitating cybersecurity tabletop exercises for utilities to actively evaluate levels of preparation, test response plans, and facilitate peer learning in the face of a simulated cyber-attack.
The short answer was that it depends a great deal on several factors, including the objectives, staff resources, and skillsets as well as the willingness of utilities to actively participate. Please read the bulletin for a more in-depth explanation of their recent exercise design process.
Later in 2019, Dominic and Wei Chen are still asking similarly tough questions as they finalize details on a third annual December cyber exercise. In year three, their focus has shifted to determining how a Public Utility Commission can continue playing a productive role in working with, and assessing progress of, investor-owned utilities toward addressing an evolving threat landscape.