Cybersecurity is becoming all the more important as utilities begin adopting newer technologies such as smart electric meters. As the smart grid becomes more of a reality and attacks against electric utilities become more prominent, we must augment the public-private partnership model to improve grid security. The energy sector has built on the successful Pathfinder program, bringing together key stakeholders from the federal government, the military, and the private sector to advance information sharing, improve training and education on systemic risks, and develop joint preparedness and response activities. To build on these efforts, more work needs to be done to create government-backed economic solutions to allow for greater investment in cybersecurity. Revenues for utilities continue to decrease and nation-states are increasing their efforts to disrupt critical infrastructure in the United States. Economic solutions to assist the energy sector with their cyber security programs could include a mix of economic incentives like tax credits, direct investment by the government, and reduced regulations which work to increase the cost of energy. Smaller utilities often struggle with cybersecurity; they lack the cybersecurity tools and personnel to maintain robust security. The vulnerabilities of smaller utilities should be a concern of the entire industry because the ever-increasing connectivity of the smart grid presents high levels of systemic risk. Accordingly, the government and industry partners in the Pathfinder Program should focus on solutions that help to address the needs of smaller and midsize utilities.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Ryan Boulais is the Chief Information Security Officer at AES, serving in this role since February 2020.
Prior to joining AES, Ryan was the VP of Shared Security Services for Thomson Reuters globally for three years. His areas of focus were Identity and Access Management, Security Platforms, Data Loss Prevention and Compliance/Vendor Risk Management.
Ryan was with GE for 5+ years culminating in the VP of Global Security Operations role providing leadership and direction for all cyber security incidents across the company’s 9 businesses, 300K+ employees, and infrastructure both on premise and in Cloud environments.
He also worked for companies such as Northrop Grumman IT-TASC and Scitor performing cost and risk analysis on US Intelligence Community Systems. He spent several years in the US Army as a Military Intelligence and Civil Affairs Officer, with assignments in Germany and the US, and military operational deployments in the Balkans and Baghdad, Iraq.
Ryan holds a Master of Engineering degree from the University of Virginia and a Bachelor of Science degree from the United States Military Academy at West Point.
Jamison Gardner is a member the Georgetown Journal of Law and Public Policy and the First-Generation Student Union. He has a Juris Doctor from Georgetown Law.