NEPPA eNewsletter

January 2012

The APPA 2012 Legislative Rally will be held March 12-14, 2012 at the Grand Hyatt Washington in Washington, D.C. Public power professionals who want to get involved and advocate on behalf of their community and the industry should plan to attend. For details go to http://www.publicpower.org/LegislativeRally/ConferenceProgram/content.cfm?ItemNumber=30359


##SHARELINKS##
 
EXECUTIVE DIRECTOR'S REPORT

Happy New Year!

While individuals are making personal resolutions this time of year, managers are setting their organizational goals. If you are like me you have taken a snapshot of things and are deep in the process of setting up systems to achieve those goals.

This year is a little trickier for me as I really like to jump in and be aggressive right out of the gate, but I am still in the information gathering phase. I was able get out and meet some members in December and spend some time with the folks at APPA. My priority was to get a grasp on Littleton, where our new facility is going up this month. But I still need to reach out to more members and understand their individual circumstances and needs. This will be one of my goals for the next several months.

My overall list for the year is short but large in scope. It includes:

1. Complete new facility and move in by October.

2. Meet with members from all regions of NEPPA and better understand their operations and needs.

3. Restructure the professional education system and update or create needed programs.

4. Improve our communications and use of technology to serve our members.

5. Look for collaborations that will maximize NEPPA’s presence and use of our new facilities.

This may sound like a short list, but like many of yours, each goal has layers to it. Additionally, these must be accomplished while still giving full attention to our services like Mutual Aid and legislative efforts.

For those of you who have been previously involved or are looking to be involved in our legislative efforts, a reminder that our visits to meet our elected leaders are scheduled for March 12th through 14th. We have an orientation breakfast tentatively scheduled at this time for the 12th  and we are asking you not to schedule any meetings until after that session. This will allow us to be coordinated with our efforts and issues. Please put this on your calendar and go to the APPA website to find and reserve a hotel room, as this is a busy time in D.C. and rooms book up fast. I am hoping to see as many of you there as possible.

One of the items on your list for 2012 is training. NEPPA has completed its training schedule for 2012 and will be adding to it as necessary. So, if you haven’t scheduled your on-site training or registered your folks for the group trainings we do I recommend you do so as quickly as possible. If you want to check our calendar for availability you can do so at: http://www.neppa.org/calendar.html. We update this calendar daily to make it convenient for you. Just added are Substation and Advanced Lineworker. These begin in the next few weeks.

Please let us know anything we can do to help you meet your 2012 training goals! If you have any suggestions or needs for training that we are not offering, please let me know.

##SHARELINKS##
 
AROUND NEW ENGLAND
During a visit to the Winn Brook School, Jennifer Santoro, communications coordinator for the Belmont Municipal Light Department (BMLD), talked to students about electrical safety as part of BMLD’s Public Power Week/Energy Awareness Month activities. She read to the first graders from the book Aunt Sarah and the Amazing Power.The students learned about electrical safety and how to stay safe inside and outside the home.

##SHARELINKS##
 

For the eighth consecutive year, the Wakefield Municipal Gas & Light Department (WMGLD) is collecting new bedding for people in need through a partnership with Mission of Deeds, a Reading-based nonprofit organization that provides furniture and housewares without charge to individuals and families in northeastern Massachusetts.

According to WMGLD Electric Superintendent and collection coordinator Dan Flynn, the WMGLD will be accepting donations of twin and full-size sheets, pillows, blankets and bedspreads, as well as cash donations.

"WMGLD customers and staff have always been extremely generous in making donations to Mission of Deeds," Flynn said. "And each year, the need for bedding and is even greater."

Since its inception in 1993, Mission of Deeds has provided furniture and related items to thousands of area households based on referrals from social workers and clergy. The WMGLD has partnered with Mission of Deeds since 2004 and has been an active supporter of the organization’s Buy-a-Bed program.

##SHARELINKS##
 
The Pascoag Utility District announced that its customers will receive a rate reduction in 2012. For a residential customer using 500 kilowatt hours, the change will result in a decrease of about $6.59 per month, an 8.8 percent reduction. The utility said the reduction was possible because the Pasoag Utility District, which provides power to about 5,000 customers in the Villages of Pascoag and Harrisville, secured a favorable supply arrangement that will be in place for the next three years.
##SHARELINKS##
 
ASSOCIATION HAPPENINGS
Land has been cleared and construction has begun on NEPPA's new training center located in Littleton, Mass. It is expected that NEPPA can begin to use the classrooms and  training areas by early 2012.
##SHARELINKS##
 
CALENDAR
16 Days
Jan. 24-27   March 20-23
Aug. 28-31   Oct. 30-31    Nov. 1-2
This one-year program, offered every other year, builds on the knowledge and skills lineworkers already possess. Students are awarded a certificate in Advanced Lineworker Skills. Click to learn more.

Substation Technician Training Program
16 Days
Feb.14-17     May 8-11
Sept. 18-21     Dec. 11-14

This program will combine classroom instruction with hands-on practical applications in the field. The classroom portion of the program will be held at the NEPPA Training Facility in Pascoag, R.I., and field trips to substations in different locations will also be scheduled.
Click to learn more.
 
Sept. 16-19, Sunday River Resort, Bethel, Maine
##SHARELINKS##
 
EDUCATION & TRAINING UPDATE

Eight apprentices from upper New York state graduated from MEUA’s lineworkers training program in late 2011. NEPPA trainer Bill Hesson taught the course at MEUA’s training facility in Fairport, N.Y.

"Bill did his usual fine professional job teaching," said MEUA Executive Director Tony Modafferi. "The students have the highest degree of respect for Bill as was evidenced by their comments at the graduation dinner."

The following students graduated from the four-year program:

Michael Dominie of Tupper Lake, Tye Flurie of the Village of Mayville, David Hall of the Village of Silver Springs, Ken Mead of Mohawk Municipal, Scott Sampson of the Village of Theresa, Eric Heeg of the Village of Churchville and Sean Mahoney and Tom Weronski of the Village of Springville.

##SHARELINKS##
 

Be aware that winter driving is hazardous enough without added distractions of:

- Texting

- Talking on the phone

- Driving too fast for conditions

- Following too close

- Not looking far enough down the road

If you are texting or talking on the phone while driving on ice, snow or in rain you are asking for trouble. Going too fast makes your reaction to an emergency slower; for example, if you are following too closely and the car you're following slams on the brakes. If this happens you will find out how much your insurance will cover. Getting the big picture by looking as far as you can down the road will give you time to make decisions in an emergency.

Wear you seatbelt, drive the speed limit (or slower for conditions) and by all means, don't drink and drive.

Carl Potter, CSP
Carl's educational safety books can be found at www.safetybooks.com.

##SHARELINKS##
 

Effective Jan. 3, 2012, the Federal Motor Carrier Safety Administration (FMCSA) has issued a final rule prohibiting hand-held cell phone use while operating commercial vehicles.

The rule applies to drivers of Commercial Motor Vehicles (CMVs) who hold a Commercial Driver’s License (CDL), except those who are employed by Federal, State or local governments. While this appears to exempt a number of NEPPA members’ employees, we also felt it was important to inform you of this new rule.

Operation includes driving and sitting stationary because of traffic or other momentary delays, but does not include when the driver has moved the vehicle to the side or off a highway and has stopped in a location where the vehicle can safely remain stationary. CDL holders may use hands-free phone attachments or use the speaker-phone function while driving, as long as a call can be answered or initiated using a single touch and is located where the driver can access it without reaching.

Under the new rule, individual drivers will face civil penalties up to $2,750 for violating the rule, while employers can be held liable and fined up to $11,000 per infraction. Utilities that own a commercial fleet of trucks are urged to establish cell phone use policies and compliance plans.

This information should not be misconstrued as legal advice. Affected parties should examine the text of the rule for compliance.

##SHARELINKS##
 
THE LEARNING CORNER
A powerful but mysterious computer worm related in structure and sophistication to the Stuxnet worm has been detected on computer systems in Europe and may be an early phase of a planned new international cyber attack. "Duqu" contains code similar to that of Stuxnet, the malicious software discovered in 2010 and widely believed to have set back Iran’s uranium enrichment operations by about three years. Cyber security experts have been warning that Stuxnet’s code would be repurposed, and one year after the discovery of Stuxnet, Duqu has confirmed those predictions. Initial infections of Duqu were discovered in the networks of European control system vendors. So far, analysts believe Duqu was developed by hackers to attack critical infrastructure, including water plants and the power grid in the U.S. and around the world. The emergence of Duqu further highlights the risk to all control systems, anywhere and everywhere, from cyber attack.

According to initial analysis by Symantec, while Duqu looks to have been derived from the Stuxnet worm, its purpose is different. Rather than damaging industrial control systems directly, Duqu seems to be more of an information stealing "Trojan," collecting key strokes and other information that could be used in attacks on critical infrastructure. Per Symantec’s recent threat post, "When run, Duqu injects itself into one of four common Windows processes: Explorer.exe, IEExplore.exe, Firefox.exe or Pccntmon.exe. Once installed, the worm downloads and installs the information stealing component which harvests information from the infected system and stores it in encrypted files on the infected system to export to the attackers’ system." Symantec researchers believe hackers sent the malware to targeted victims via emails with tainted Microsoft Word documents attached. If a recipient opened the Word document and infected the PC, the attacker could take control of the computer and access an organization's network to propagate itself and hunt for data. Analysis of Duqu is continuing and may yet lead to more unpleasant surprises—the complete analysis of Stuxnet took approximately six months.

The emergence of the Duqu and Stuxnet worms makes clear that extremely well resourced nations and nation states are becoming a significant threat. Large and small utilities alike are potential targets, directly or indirectly, because they are interconnected and deploy common technologies from common vendors. As stated by FERC, "It is not the size of an entity that is critical, but rather the potential for an entity to become a vector of vulnerability to the security posture of interconnected control systems." After the Internet, the Smart Grid represents the largest cyber attack surface in North America. Smart meters, substations, and intelligent monitors and sensors on transmission and distribution lines represent millions of physically remote and insecure access points to critical utility networks.

To ensure security, and ultimately reliability, utilities must create a defense-in-depth posture through which they segment networks, deploy multiple defenses to protect critical operations systems, monitor for intrusions and have policies, plans and procedures in place to recover operations systems from cyber attack. Initial steps include conducting a risk analysis, creating cyber security policy statements, establishing a cyber security team on staff and making a review of cyber security policies and procedures a top priority. N-Dimension recommends that every utility review the following 10 basic questions on a regular basis and respond accordingly:

1. Do you have policies and procedures addressing cyber security for operations systems?

2. Do you perform annual cyber security assessments?

3. Do you have operations systems (SCADA, AMI, OMS) that are directly connected to or reachable from the corporate network?

4. Do any third parties have access to your networks or operations systems (e.g. vendors, service providers, power providers)?

5. Do you allow access to the Internet from operations networks?

6. Do you patch systems in your operations network regularly?

7. Do you monitor operations systems and networks for anomalous activity and potential attacks?

8. Do you use Wi-Fi? Is it properly secured?

9. Do you scan for unauthorized wireless access points?

10. Does any of your operations traffic travel over utility-owned fiber or radio links or third-party networks (e.g. private WAN, MPLS, Frame, ISDN, etc.)?

APPA members of all sizes must resist falling prey to the common myths that public power utilities are not targets or that having a firewall is sufficient protection. Cyber security is a critical component to reliability, and there are cost-effective, easy-to-implement solutions available to enable small and mid-sized public utilities to protect their operations.

 

 

Doug Westlund is Chief Executive Officer and Dr. Andrew Wright is Chief Technology Officer of N-Dimension Solutions Inc., provider of cyber security solutions in affiliation with Hometown Connections. N-Dimension is a member of NIST's Cyber Security Working Group and a founding member of the National Electric Sector Cyber Security Organization, and works with numerous industry organizations developing the cyber security standards for the Smart Grid.

##SHARELINKS##
 
IBEW LU#104
Associated Systems, Inc.
Alber
Morgan Meguire