Comparing the US to EU on Grid Security
I am fortunate to have exposure to work on grid policy and implementation in both the US and European Union. The duality of those two worlds colliding helps look for the best approaches in both spheres. I wanted to talk about the most significant differences for those also looking to understand the differences.
It is safe to say that both the US and Europe recognise the critical importance of grid security in maintaining a stable and reliable energy supply. As you compare the two governing bodies, the biggest takeaway is how basic KISS security can be, regardless of the policy framework. One area I do see more considerable differences is in market and program design. The US programs allow for more manual intervention and temporal windows, while the EU leans heavily into automation for quicker network response. You see more technical controls around that.
Scope and Coverage
- 🇺🇸: The United States has a decentralised approach to grid security, with various federal agencies (NIST), industry stakeholders, and regional entities responsible for different aspects of grid security. The North American Electric Reliability Corporation (NERC) sets mandatory reliability standards for the bulk power system, and the Department of Energy (DOE) plays a significant role in coordinating efforts and research. You find a mishmash of the 1600 utilities taking different approaches without well-defined boundaries. See my last blog post here for more.
- 🇪🇺: The European Union (EU) takes a more centralised approach to grid security, with the European Network for Cyber Security (ENCS) playing a vital role in supporting member states’ efforts in enhancing grid security and resilience. The EU develops overarching guidelines and directives to harmonise security practices across member states. Their documents are well laid out and easy to digest. They lack the same NIST/DISA support infrastructure, but they are complete and provide an excellent starting point for most. Member countries can decide to make them more stringent in areas, but not at the expense of interconnectivity.
Regulatory Framework
- 🇺🇸: The Federal Energy Regulatory Commission (FERC) has the authority to regulate grid security and reliability in the United States. NERC develops and enforces mandatory standards for grid operators and owners, and regional entities oversee compliance. NIST provides the Smart Grid Framework as a starting point.
- 🇪🇺: The EU establishes overarching policies and directives for grid security and critical infrastructure protection. The Network and Information Systems (NIS) Directive and the Cybersecurity Act are key legislative instruments guiding grid security efforts across the EU.
Threat Landscape
- 🇺🇸: The US grid faces threats from both physical and cyber attacks, potentially impacting energy supply and national security. Threat actors may include state-sponsored hackers, criminal groups, or malicious insiders.
- 🇪🇺: European grids are also exposed to similar physical and cyber threats. The interconnected nature of the European grid poses challenges in coordinating security efforts across borders. Given the War in Ukraine currently, the threat landscape has shifted to being more heavily dependent on geopolitics, given the thin margins the EU grid is operating on during peak moments.
Approach to Regulation
- 🇺🇸: The US has a sector-specific approach to grid security, with NERC’s mandatory standards focusing on specific reliability aspects of the power system. The approach relies on the collaboration of various stakeholders within the electric industry.
- 🇪🇺: The EU takes a broader and more cross-sectoral approach, with the NIS Directive applying to operators of essential services, including electricity providers, and the Cybersecurity Act addressing the broader digital infrastructure.
Grid Interconnectivity
- 🇺🇸: The United States operates three major power grids: the Eastern Interconnection, the Western Interconnection, and the Texas Interconnection (ERCOT). Each operates independently and has its security challenges.
- 🇪🇺: The European power grid is highly interconnected, enabling the exchange of electricity across borders. This interconnectivity increases the complexity of ensuring grid security and necessitates closer collaboration among EU member states.
Energy Mix and Grid Complexity
- 🇺🇸: The US has diverse energy sources and a mix of large-scale centralised power plants and distributed energy resources (DERs). This mix creates varying challenges for grid security and resilience. See FERC 2222/841 for some of the complexity of Behind-the-Meter (BTM) versus Front-of-the-Meter (FTM). The general sentiment and market design still lean heavily on “human-in-the-loop” for execution.
- 🇪🇺: European countries also have a diverse energy mix, significantly focusing on renewable energy and increasing DERs. Managing this complexity requires attention to grid security and adaptability. The EU leans more heavily into automation and DER servicing as interconnection upgrade allowances versus the US.