No state regulator wants to wake up one day and learn that hackers have brought down the power grid in his or her state. At the same time, many state regulators want to encourage modernization of the electric grid. They realize that making the grid smarter could make it more vulnerable to cyber attacks. But state regulators struggle to define their role in promoting cybersecurity.
State commissions face several dilemmas. Even the largest states must work with tight budgets and limited expertise. Nor are individual electric utilities well prepared to handle the novel and complex challenges of cybersecurity. Cybersecurity standards at the federal and industry level are slow to be adopted. And it isn’t clear how regulation, state or federal, can be effective in producing desired results.