Why Grid Testing Season is also GRC Testing Season
With summer rapidly closing in, the United States is set to endure another season of unprecedented heat waves amplified by climate change. As our power grids are tested to their limits, energy sector business resilience will be key in keeping the lights on and keeping outages as short as possible. It’s not just about following regulations like CIP-013 to the letter; it’s about building resilience through better governance, risk and compliance (GRC) practices, including robust due diligence regarding third-party and vendor risks.
Learning from failures in Texas
The catastrophic failure of the Texas power grid in winter 2021 was partially the result of governance and supply chain mismanagement. The majority of Texas power plants run on natural gas, and when the storm hit, the Electric Reliability Council of Texas (ERCOT) ordered utilities to reduce power demand. This led to a cycle of companies cutting power to parts of the natural gas supply chain, preventing suppliers from delivering enough fuel to power plants, so power plants couldn’t deliver enough electricity to the natural gas producers.
The utilities that make up the grid did not factor in the risks of aging, sub-par infrastructure and a narrow supply chain, so when risk became reality they were completely unprepared to diversify fuel sources and reduce long downtimes.
In 2022, with high summer temperatures approaching faster than ever, Texas already had at least six power plants go down by mid-May and ERCOT began asking consumers to limit electricity use. Failure to adopt a grid defense program driven by risk management is holding the state back from optimal grid safety.
Preparing for worldwide risk
It’s not just Texas facing the threat of outages due to unprecedented heat. Across much of the United States and Canada, growth of electricity demand in 2022 far outstripped the capability to supply it as older sources of energy have closed faster than new sources can be adopted.
Additionally, energy producers are contending with a drought that is reducing hydroelectric production capability and supply chain snags that interrupt solar projects and transmission lines.
The threat of grid collapse extends even beyond continental lines. Countries like Myanmar, Sri Lanka and India are seeing power supplies buckling under the weight of historic high summer temperatures.
As these record temperatures are only likely to get worse, now is the time for energy sector companies to integrate a more GRC-centric approach.
Beginning with better due diligence
For energy sector companies looking to better control unpredictable risks, one of the most critical steps is to improve the evaluation of risks across the supply chain with third-party management tools. A vendor risk management (VRM) solution has three primary benefits to energy sector resilience:
- Performing multiple levels of risk assessment without the hassle of unreliable manual tools like spreadsheets.
- Automatically prioritizing action on the highest-priority risks in the supply chain.
- Delivering consistent insights with ongoing screening for financial, cyber and other risks in partnerships.
Together, these three advantages can allow the companies that make up our power grid to diversify suppliers, expand their view of risk to encompass the growing stable of threats to the system and create the well-informed contingency plans needed to get back up and running when outages are unavoidable.
More GRC capabilities for more robust resilience
Energy sector companies need more tools than just vendor risk management to shore up resilience in the face of growing grid strain. They need a centralized GRC platform with the following capabilities to minimize threats and create more viable continuity plans.
- Regulatory Change Management: Reduce or eliminate effort required to deal with baseline regulations including CIP-013.
- Policy Management: Create, find and manage policies needed to minimize internal risk.
- Enterprise & Operational Risk: Enable everyone at every level to report incidents that may affect grid reliability, and gain a holistic view of risk from a spectrum of sources.
- IT & Cybersecurity Risk: Prevent and mitigate IT risks such as the ransomware attacks that jeopardized the Colonial Pipeline.
- Business Continuity: Reduce operational downtime with continuity plans based on a 360-degree view of risks.
The energy sector faces a unique set of challenges and risks that require an approach beyond compliance and reactivity. With a robust GRC program in place, energy and utility companies can put themselves in a stronger position to both serve customers and address standards and regulatory compliance. A GRC platform like SAI360 is crucial for greater resilience and continuity as we move deeper into grid testing season and expect even tougher seasons ahead.
Learn how SAI360 provides an integrated approach to risk management for energy companies.