In November 2012, a commission was formed under the Moreland Act to investigate New York power utilities’ preparation for and response to major storms affecting their service areas over the preceding two years. While reviewing the actions taken by these utilities during times of emergency, the commission issued specific recommendations to Governor Cuomo regarding what the commission felt were opportunities for improving storm preparation and response by the power sector. In June 2013, the City of New York, through the Office of the Mayor’s Special Initiative for Rebuilding and Resiliency and PlaNYC, released a plan identifying recommendations for rebuilding communities ravaged by Superstorm Sandy, and improving the resiliency of infrastructure throughout the city going forward.
Con Edison of New York and Orange and Rockland’s safe and reliable delivery of electricity, gas, and steam rely on urban and regional infrastructure. From 2013 to 2016, Con Edison has proposed to invest approximately $1 billion to improve the resiliency of the electric and gas delivery systems and the electrical and steam generating stations. In 2014 we reached the halfway point toward meeting that goal. Con Edison’s continued dedication to improving its service delivery during and after weather emergencies is discussed in this section.
Resilience isn’t limited to our ability to withstand severe weather; we must also be ready to withstand manmade threats against our systems. Cyber and physical security are equally important to Con Edison, and in this section we discuss some proactive measures we are taking to protect our business and our stakeholders.
We have proposed $1 billion in measures to fortify and protect our systems to withstand increasingly severe weather post-Superstorm Sandy. We plan to install stronger flood barriers and more submersible equipment, raise critical equipment, and strategically bring overhead power lines underground. We will install additional state-of-the art monitoring sensors, switches, and related smart-grid technologies to improve the flexibility of our system. Our long-range investment plan remains focused on keeping our systems reliable and safe for our customers.
For Con Edison of New York’s electric substations and electric and steam generating stations, the highest risk of damage during a severe weather event is from flooding due to storm surge. Prior to Sandy, Con Edison already had a specification in place to protect new facilities and critical equipment from higher-than-expected potential flood levels. The damage caused by Sandy’s unprecedented flooding and the resulting impact to customers clearly identified the need to retrofit older facilities that were installed well before this specification was established.
Con Edison acted immediately following Sandy to protect its stations for the 2013 hurricane season. This involved, at minimum, effectively protecting each impacted station against a potential repeat event. In parallel, we developed protective plans through 2016 and presented these plans to the Public Service Commission in electric, gas, and steam rate cases, with storm hardening as a central focus. Con Edison convened a Storm Hardening Collaborative in parallel with the rate cases to provide parties an opportunity to fully examine our proposals.
A primary focus of the collaborative was the design standard for flood protection. Through discussions with the Public Service Commission, New York City officials, the Office of the Attorney General, and various other rate case parties including environmental groups, it was agreed that the company would revise its flood protection standard for the storm hardening program. Con Edison therefore established the most current FEMA 100- year flood level plus three feet as the new design standard for retrofitting stations and protecting critical equipment. This design standard will be applied to all future projects being pursued over the next three to four years.
The majority of our storm hardening work will be completed in 2016, to protect our at-risk substations and generating stations against flooding. Protective storm hardening measures will continue to be installed through 2020. Con Edison of New York will also pursue a Climate Change Vulnerability Study that will project future changes in climate, particularly in humidity, heat and heat waves, and identify mitigation options to protect equipment and maintain reliable service.
Orange and Rockland also faces reliability issues during severe weather. In Con Edison’s most-inland service territory comprising 1,350 square miles, flooding is less of an impending force against the predominantly above-ground system. With over 550 circuit miles of transmission line and 3,800 pole miles of overhead distribution line, Orange and Rockland must maintain reliable customer service threatened by high winds, falling trees, and ice and snow accumulation.
Con Edison of New York completed approximately $79 million in storm hardening investments between 2013 and 2014 to protect substations and generating stations against another severe coastal storm event. Storm hardening measures were installed at nine substations and five generating stations that were impacted by Sandy. Measures included reinforced concrete flood walls around critical equipment, submersible pumps to control water infiltration, flood doors and gates at station openings, and expansive foam sealant in cable conduits and troughs. In addition, work commenced in 2014 to install backup electric generators, additional flood walls, gates and pumps, and other protective measures.
For more information, please read on about Con Edison of New York’s plans, and Orange and Rockland’s plans to weather the next storm of the century.
Cybersecurity remains a priority at Con Edison, Orange and Rockland, and to the energy industry at large. The potential for a remote attacker to compromise customer accounts, gain access to protected information, affect physical equipment, and threaten system reliability has prompted a major change in utilities’ approach to their information networks and users over the past decade.
At Con Edison and Orange and Rockland, we continue to expand our focus on cybersecurity in 2014. We expanded our cybersecurity which is based on ISO 27000’s Cybersecurity Framework. Under that program, a suite of processes, procedures, working groups, and executive-level oversight formally manages and governs cybersecurity practices across the company. We also formally commissioned our new CyberSecurity organization comprised of dedicated cyber security professionals responsible for preventative cyber security control technologies and for continuous monitoring and response to security threats and vulnerabilities for the company’s information networks.
We continued to strengthen our network architecture by deploying state-of- the-art technologies to create layers of security that either prevent attacks or detect malicious behaviors. Our Network Operations Center was expanded in 2013 to monitor alerts. In addition, we continue segmenting networks to fully separate critical system components from basic business functions, thereby mitigating some insider threats. Through this process, we are designing our networks using industry best practices, building response capabilities in from the ground up.
We are also continuing to build user awareness of “phishing” threats, where employees are tricked into downloading malware delivered via email. We conducted several drills targeting each employee and recording their responses. When an employee clicks on a link during an unannounced drill, they are presented with a “CyberAware” message instructing them why they should not have clicked on the link. We also continue to host and participate in various corporate and regional cyber exercises which expand participant awareness of potential cyber attacks and help develop response plans for each organization.
Con Edison and Orange and Rockland are both working hand-in-hand with federal and state agencies to keep abreast of new and evolving threats, benchmark best practices, evaluate our current defensive posture, and drill response to a potential event. We coordinate with the U.S. Departments of Energy (DOE) and Homeland Security (DHS), the Federal Bureau of Investigation (FBI), the Federal Energy Regulatory Commission (FERC), and the North American Electric Reliability Corporation (NERC) on a range of issues related to cybersecurity. In 2014, we participated in the FBI and Department of Homeland Security’s New York City cross-sector cybersecurity drill and the co-led with the NY-ISO, the New York State electric specific cybersecurity drill.
We will continue to support and engage in public-private efforts to improve cybersecurity in our sector. More locally, we look forward to further engagement at the state level through a utility cybersecurity benchmarking group we recently helped to establish.
Securing our critical infrastructure from physical damage or attack is an ongoing priority for Con Edison of New York and Orange and Rockland. To adequately safeguard our facilities, we continue to incorporate comprehensive security processes to protect the Company, its employees and its assets. We utilize the conceptual approach of deter, detect, delay, respond, and recover to build the foundation for securing our infrastructure.
Our methodology focusses on multiple layers of different types of security. Many of our facilities have security guards. Security enhancements, including intrusion detection systems, closed circuit television monitored locally and remotely, card access systems, and contact alarms are already in place at key sites including substations, natural gas terminals, and control centers across our territory. We have a Security Operations Center where we monitor them, on a 24-hour, seven-day-per-week basis. This provides a central point for coordinating response protocols for security events and alarms.
In addition, we are deploying a new enterprise security suite which will provide real-time monitoring of ingress and egress points within our facilities. This will incorporate all the different security systems into one platform. We are spending more than $73 million over the next five years to further enhance physical security measures across our system.