Little Rock, Ark. — May 22, 2013 — Duane Highley, president and chief executive officer of the Electric Cooperatives of Arkansas, appeared before the U.S. House of Representatives Energy and Commerce committee on Tuesday to address the electric power sector’s involvement with the ongoing implementation of the Feb. 12, 2013 Presidential Executive Order pertaining to cybersecurity.

According to Highley’s testimony, electric power sector representatives have led the way in developing the first mandatory cybersecurity standards for critical infrastructure. “Electric power sector entities which own or operate Bulk Electric System assets are required to adhere to one or more of the National Energy Regulatory Commission (NERC) Critical Infrastructure Protection (CIP) standards,” he said. “Utilities have made significant investments to ensure compliance and create a culture of security.”

He said electric power sector experts are routinely deployed to improve CIP cyber security standards and address regulatory directives and best practices, including the National Institute of Standards and Technology standards.

“The cybersecurity framework that is developed from the Executive Order process must be high-level and flexible to ensure that the framework can be adapted to each of the nation’s diverse critical infrastructure sectors without unintended consequences; build upon each sector’s existing processes, standards and guidance, including the sector-specific regulatory standards which already exist in the electric and nuclear industries; avoid time-consuming and unnecessary duplication of efforts; preserve and build upon existing public-private partnerships; and be risk-based and cost-effective,” Highley said.

He said a group of leaders from the investor-owned, public power and cooperative segments of the electric power sector have engaged in what may become an ongoing partnership with senior officials throughout the government, including the White House National Security Staff, Department of Energy and Department of Homeland Security leadership.

“This collaboration has resulted in classified briefings to inform senior industry executives of some threats facing the electric grid, as well as a commitment from government representatives to improve the flow of information between the government and industry,” he said.

He emphasized that neither the Executive Order process, nor its resulting cybersecurity framework, should be considered a substitute for, or a competitor with, the mandatory standards approved by independent regulatory agencies. “These mandatory standards address public policy objectives that are unique to the electric and nuclear sectors,” he said. “The resulting cybersecurity framework should be focused on a much broader task, leveraging the federal government’s capabilities and expertise in information sharing with that of the nation’s private sector owners and operators’ ability to protect critical infrastructure.”

The Electric Cooperatives of Arkansas comprise 17 electric distribution cooperatives; Arkansas Electric Cooperatives Inc. (AECI), a Little Rock-based cooperative that provides services to distribution cooperatives; and Arkansas Electric Cooperative Corp. (AECC), a generation and transmission cooperative. The distribution cooperatives provide electricity to more than 490,000 members, or customers, in Arkansas and surrounding states.

For additional information, contact:
Rob Roedel, Electric Cooperatives of Arkansas, 501.570.2296 or rroedel@aeci.com
www.ecark.org