By Nicholas Bahr and Gisele Cabrini, DuPont Sustainable Solutions
People may be breathing a sigh of relief as power has been restored in Texas, but it would be foolish for anyone to be lulled into a false sense of security. While this crisis may have ended, similar incidents can happen anywhere, not just in Texas, and not just because of what some may consider a once-in-a-decade weather event. The fact is the United States’ aging electricity infrastructure is not sufficiently managed for risk, either from a severe weather or operational perspective.
The unfortunate truth is our electricity infrastructure is significantly vulnerable, and many electric companies find themselves largely reacting to extreme weather or operational failures. Instead, by anticipating vulnerabilities throughout the value chain and building resilience into the electric grid now, companies can begin to take some control over these unpredictable developments and avoid repeating negative outcomes of an outage to ratepayers, the community, and the environment. This will not only enable them to maintain continuity of operations when an unexpected event does occur, it will improve the agility with which they respond to an event and minimize the impacts on the company and its customers.
Like it or not, we are experiencing more severe weather events that threaten the continuity of various energy supplies. Texas has had its fair share, but there are numerous more immediate challenges with associated unknown risks that add heightened complexity to successful electricity management and the stable delivery of power to customers.
From an operational perspective, these challenges include a national electricity grid that has aged significantly and far outlived its life expectancy. Most electric transmission and distribution lines now in operation were constructed in the 1950s and 1960s with a 50-year lifespan, and some lines still in use today were built in the 1880s.
Perhaps more alarmingly, cyber-attacks on the grid are growing in frequency and sophistication. A recent cyber-attack in the U.S. in December is believed to have extended beyond the U.S. government to threaten private systems that control critical infrastructure, including the power grid. And a power outage in October 2021 in Mumbai, India, is suspected to have been the result of a cyber-attack. The outage closed the stock market, shut down trains and affected the daily lives of its 20 million citizens.
Of course, it can be difficult to anticipate the unknown risks that could arise from many of these challenges but getting into this mindset is essential. Historically, electric companies have placed an emphasis on compliance with rules and regulations, which is too narrowly focused on reacting to lagging indicators such as unsafe conditions or equipment function failure. While this is important, they must also take a broader view and proactively consider leading indicators of current and future vulnerabilities that could threaten their operations and cause service disruptions. This will enable them to develop plans now to mitigate the consequences and know where best to allocate risk-management resources.
Once leaders begin to think with a proactive risk-management mindset, there are five steps utility companies can take right now to anticipate risk and establish better resiliency and agility in their operations:
- Utilize an Integrated Risk Management framework to holistically and fully understand all potential risk to your operations and business. The framework should ensure the organization’s processes & technologies are fit-for-purpose; competencies and capabilities are adequate so that staff understand how to run these processes; employee mindsets and behaviors create a future-looking culture that is agile and can respond to disruptions; and governance and management make all the pieces fit together. All these components are essential to successfully mitigating risk. The framework should focus on building resiliency to unknown challenges and shocks, as well as known long-term issues to the business.
- Apply the Framework across the entire value chain to understand the potential risks outside your company that can have consequences on your internal operations and capabilities to provide services. The integrated risk management framework should be used to review all operating inputs and service outputs to identify current and future vulnerabilities to the business. If this consideration can be done in partnership with others across the overall value chain (from generation to transmission and distribution) then by all means do it.
- Develop a Business Continuity strategy to be more resilient and agile when an unexpected event occurs. Use any identified deficiencies or concerns that arise through application of the framework to develop a business continuity strategy that closes vulnerability gaps, and if that’s not possible, determine contingency plans for them (such as potential impacts of severe weather).
- Establish Response Plans in advance that can be executed to respond to any event. Prioritize risks that need to be urgently addressed in the short term and those that can be addressed in the longer term, and then build response plans for them that are practical and conform to the business continuity strategy. Make sure the response plans are agile so the organization can quickly adjust as necessary (we’re all aware how many companies had to quickly adjust to fewer staff and higher absenteeism once the COVID pandemic began, for example).
- Build a Risk-Aware culture in the organization to better prepare all employees to react to the unexpected. The more employees in your company, from executives to facility supervisors to line workers, who are consciously aware of risk day in and day out, the better the company will be able to mitigate and respond to unanticipated incidents and events. It’s essential to develop the appropriate capabilities, mindsets, and behaviors among employees so they are all better prepared for the unexpected and can react quickly and independently. Also essential is engaged leadership who empower all layers of management to adjust to threats in real time.
Try as we might, it is impossible to eliminate all risks from your operations. And no one can control the weather, of course. The point is to begin anticipating what the many risks facing your company could be, and even if you can’t prevent all of them, you can at least prepare to manage their possible consequences. The result will be resilient operations that could avoid a repeat of the crisis seen in Texas.
About the Authors
Nicholas Bahr is Global Managing Director for Operational Risk Management at DuPont Sustainable Solutions. In this role, he helps clients identify, prioritize and reduce risk along their complete value chain and throughout their portfolio of operations. Bahr is the author of the book System Safety Engineering and Risk Assessment used by various universities around the world and the US Federal Aviation Administration as their aviation system safety model. He is a founding member of the International Association for the Advancement of Space Safety and has led U.S. delegations on various standards writing bodies.
Gisele Cabrini is responsible for the Energy and Utilities sector for Brazil at DuPont Sustainable Solutions. Her experience in cultural transformation projects helps companies achieve better operational results by focusing on critical processes and controls, governance structures involving all levels, and developing competencies to sustain change.