By Resolver Modified September 13, 2021
The power and utility industry is facing stricter regulation and higher fines as the demand for utilities continues to rise. Ostensibly, utilities provide a commodity, but in practical terms they deliver a vital necessity to their customers. However, the prices of natural resources such as fuel have leapt considerably over the past few years, which in turn translates to higher bills.
In 2011, the average utility bill rose 2 percent year-over-year, and in some states it was up even more, according to Mint.com – a trend that isn’t appreciated by any consumer. Separate data from Kelton Research also suggests 49 percent of Americans believe they are paying too much money for utilities, and 39 percent think they have exhausted all their options to reduce their bills.
Additionally, as the demand for power and utilities rises, so too do delivery problems. Many utility companies are behind when it comes to serving energy to consumers, with their infrastructure growing extremely outdated compared to their current needs. This leads to more service outages, particularly in the aftermath of storms that create additional stress on a weakened utility infrastructure system.
With costs rising and outages becoming increasingly problematic, utility companies have been put under the magnifying glass for the way they operate. Many regulatory and legal bodies are cracking down harder on power and utility companies when they can’t meet demands or set their prices at unsustainable levels.
For example, Connecticut lawmakers proposed new standards for power restoration after a storm left many residents without power for days, and utility companies could face steep penalties for failure to comply, the Courant reports. The Connecticut bill will closely emulate one passed in Massachusetts in 2009 that would fine companies for not restoring power to blackout areas within a certain amount of time.
Earlier this year, the Massachusetts senate also passed new legislation (S 2440) that requires utility companies to provide estimates of when service will be back online at least two times a day. Utility companies must also set up in-state call centers and community liaisons to keep in touch with customers during emergencies. Although this requires additional resources, S 2440 also specifies that these costs cannot be passed on to the end consumer.
Power outage legislation in other states already costs local utility companies a significant amount of money in fines. Two utility companies in Maryland were recently charged with violations for not restoring power quickly enough after an outage, with two members of the state senate proposing $100 million fines for failure to get power back to residents.
“(Utility companies) underestimate how the 21st-century economy relies on electricity,” Maryland District 21 Sen. James Rosapepe told The Baltimore Sun. “They’re operating with a 1950s mentality, when there were no smart phones and people weren’t working out of their homes (and being) affected by not having power.”
For a country desperately trying to recover from an economic recession, power outages and interruptions are now perceived as problems that need to be addressed. According to a Lawrence Berkeley National Laboratory report, interruptions can cost the country upward of $80 billion a year.
While the problem is exacerbated in the United States due to the massive demand for power, similar issues plague other countries around the world in both developing regions and global powerhouses. So long as interruptions recur, regulatory bodies will continue to crack down on the matter and institute fines and violations for providers that can’t keep their end of the bargain.
Governmental restrictions may be a new source of concern for utility companies, but they aren’t the only organizations that those in the power industry have to deal with. NERC has developed stricter standards and regulations that energy companies and utility providers must meet or else face substantial penalties, negative publicity or regulatory actions. Additionally, NERC compliance standards have become more stringent, meaning companies are more liable to be fined.
The number of companies being fined by NERC and other such regulatory bodies is on the rise, and the fines are beginning to have a pronounced effect on the bottom line of power and utility companies. In particular, fines under the Critical Infrastructure Protocol (CIP) standards, which tend to be related to internet security and other cyber threats, have become extremely commonplace.
For example, CIP-007, which requires companies to define methods, processes and procedures for securing critical cyber assets and compels reliability coordinators and other utility officials to appropriately secure their network, is the most violated NERC standard. In the studied period, there were 419 violations of CIP-007. This number far surpassed the second-highest violation, CIP-005, which was violated 229 times.
CIP-005 (which requires the identification and protection of the electronic security perimeter that contains all critical cyber assets), CIP-006 (which ensures a physical security program is implemented for the protection of all cyber assets) and CIP-004 (which requires individuals who have physical access to critical cyber assets to have an appropriate level of training and security awareness) are other commonly violated NERC standards.
The economy is still recovering globally, and utility companies were just as affected by the downturn as any other company. It’s absolutely paramount that these businesses avoid penalties where and when they can, especially given how costly they can be.
Software such as Resolver’s GRC Cloud can be used by power and utility companies to help monitor compliance factors and prevent themselves from being fined in the first place. Software solutions can automatically integrate new standards into monitoring practices and give immediate alerts when regulations are being broken.