P&C the May 2024 issue

Power Play

Insurers and insureds alike must face the glaring risks and vulnerabilities in the U.S. electricity system.
By Gordon Feller Posted on April 30, 2024

In its current state, due to years of chronic underinvestment, the U.S. grid creates a plethora of risks for insurers and other stakeholders.

The U.S. electrical grid in recent decades has not received the resources it needs to face today’s challenges, from cyber attacks to large-scale additions of renewable energy.

Fossil-fuel and renewable energy generation sources carry a range of potential liabilities, encompassing events that could cause significant property damage, the need for tight coordination and planning for complex projects, and ensuring adequate physical damage or business interruption insurance coverage.

The grid has already proven to be an attractive target for cyber attacks, which will require responses by power companies, insurers, and the federal government.

The American Society of Civil Engineers (ASCE) gave the nation’s energy system a C- grade three years ago in its latest Report Card for America’s Infrastructure. (That was up from a D+ in the previous report.) Among its challenges, according to the organization: aging infrastructure that requires repair or replacement; growing electricity demand that is outpacing supply; cyber attacks that could easily disrupt power supplies for millions of customers, wreaking havoc on the broader economy; and damage and power outages from extreme weather events, such as hurricanes and wildfires.

When the grid cannot deliver electrons, for whatever reason, the results can be dire. Texas’s experience during winter storm Uri in February 2021 illustrates this. Nearly 250 people died during days of subfreezing temperatures amid “customer load-shedding” by grid operator Electric Reliability Council of Texas, which left many customers without power for nearly 100 hours, according to a report from the International Association for Energy Economics.

Even as they face these risks, the grid’s operators are confronting a bevy of additional challenges, including growing and unpredictable electricity demand, the transition away from fossil fuels, and the rapid rise of renewable intermittent power sources.

These developments underscore the urgency to bolster all kinds of energy systems. This means improving “resilience,” which the U.S. Department of Energy (DOE) defines as the grid’s capacity to handle and quickly restore power following an outage. Flexibility, reliability, and security are also crucial for the 21st-century grid.

An Outdated Electrical System

Meeting future electricity needs in an orderly, responsible, and cost-effective manner has become a paramount challenge. It is widely accepted that the U.S. grid as it exists today is not up for the job.

“The grid, as it currently sits, is not equipped to handle all the new demand,” Energy Secretary Jennifer Granholm said in October 2023, according to The Associated Press. “We need it to be bigger, we need it to be stronger, we need it to be smarter.”

Providing electricity to customers encompasses a complex network of generation, transmission, and distribution. Three regional grids covering the eastern United States, western United States, and Texas are powered almost entirely by natural gas, coal, nuclear, and renewables from thousands of commercial generators carried by hundreds of thousands of miles of transmission lines and more than five million miles of local distribution lines to customers.

The current configurations of the bulk transmission system, as developed since the 1950s, focus on the location and distribution of generation resources and demand centers.

Between 1980 and 1990, there was a notable expansion in construction of high-voltage transmission lines and some upgrades to existing infrastructure. Several factors contributed to this growth spurt, including increased electricity demand, technological advancements, policy initiatives, and the need to support the integration of renewable energy resources.

During those years, large central station generating facilities were constructed to provide greater scale, meet growing demand, and efficiently increase reliability through the exchange of energy during normal and emergency operations.

The level of investment has not kept up with demand in subsequent decades. Close to 70% of the national grid is over a quarter-century old, Granholm noted in November 2022. Select parts exceed 100 years in age, “far past their 50-year life expectancy—and others, including 70% of [transmission and distribution] lines, are well into the second half of their lifespans,” the American Society of Civil Engineers said.

There have been widespread increases in spending on various components—for example, spending on transmission rose from $15.6 billion in 2012 to $21.9 billion five years later—but the investment gap for the full grid (covering generation, transmission, and distribution) could hit $179 billion as of 2029, the ASCE Infrastructure Report Card says.

Meanwhile, from 2012 to 2022 alone, the United States added nearly 15 million electricity customers, according to DOE’s Energy Information Administration (EIA).

In 2022, power customers nationwide used an average of 11 million megawatt-hours each day, Vox reported last September after electricity consumption in the continental United States spiked close to 15 million megawatt-hours during a summer 2023 heat wave. Increased demand is expected to become the norm going forward.

“A Princeton University study forecasts U.S. electricity demand to grow by as much as 49% by 2035, driven primarily by EV [electric vehicle] deployment,” say energy experts at NERA Economic Consulting. “Such a large increase in demand requires major grid upgrades, including more high voltage transmission and distribution lines, electrical equipment, and electric vehicle charging stations.”

“From economic and population growth to adoption of electric vehicles and electric heating systems to the increased use of electrical appliances and devices, the demand for electricity has increased across the board,” adds Paul Hibbard, a principal with economic consultancy the Analysis Group.

“These dramatic changes in the shape and level of demand far outpace the speed at which utilities have historically planned for and invested in grid additions and modifications,” he says.

Currently, there are multiple components of the grid—specifically transmission and distribution assets—that are typically excluded from standard property coverages.
William Hillman, president and CEO, Associated Electric & Gas Insurance Services

In announcing $13 billion in funding to augment and update the grid, the White House in 2022 said independent analyses have projected the need for a 60% expansion of transmission by 2030 and a threefold increase in electricity capacity by 2050.

The specific upgrades necessary to prepare the grid for rising demand are detailed in various research studies and reports. These studies highlight the pressing need for additional transmission infrastructure to improve reliability, resilience, and cost-effectiveness across different regions. These upgrades include investments in new or improved transmission lines, generation facilities, and interregional transmission capacity.

In its “National Transmission Needs Study,” published in October 2023, the Energy Department said meeting the power sector’s needs in 2035 will require 20% to 128% growth in intraregional transmission deployment for the contiguous United States, based on different scenarios for rising clean energy and load growth. The corresponding growth need for cross-region transfer capacity is projected from 25% to 412% over the next 11 years.

Nearly all regions in the United States would benefit from improved reliability and resilience through additional investments in transmission infrastructure, particularly the Plains, Midwest, and Delta, the report says. The “Needs Study” intentionally does not address solutions to these challenges or potential costs, saying it will be up to industry and the public to chart the optimal path forward.

Until recently, critical infrastructure owners and operators, and the U.S. government which regulates them, have been resistant to such changes. Large investor-owned utilities have consistently resisted federal or state-level mandates to spend on grid modernization.

Now, after being pressured to develop a clear plan that will prevent grid disruptions, stakeholders are taking action and initiatives are being scaled up. The Biden administration’s signature Infrastructure Investment and Jobs Act of 2021 and Inflation Reduction Act of 2022 provide significant federal funds focused on shoring up the vast transmission infrastructure.

The White House’s $20 billion-plus Building a Better Grid project, including the funding announced in 2022, is supposed to offer grants for grid resilience against extreme weather and funding for grid innovation, reliability, and efficiency programs.

States are also making their own moves in this sphere, with California aiming to operate an emission-free grid no later than 2045, the Los Angeles Times noted in a front-page article in January. California’s state government, including the powerful Public Utilities Commission, is applying a well-funded mix of tax incentives, grants, contracts, loans, and laws toward this goal. But it will not be simple or easy to provide tens of thousands of additional megawatts of renewable energy in a grid that has already been challenged to keep the lights on. As the Times put it, “How hard is it to develop California’s electric grid of the future? Like repairing a car while driving.”

Nonetheless, the Golden State’s approach has become the basis for the Biden administration’s federal strategy. The White House is enacting measures with the aim of eliminating carbon pollution from the electricity sector no later than 2035.

The drivers behind fast-moving increases in electricity demand are also a matter for insurance providers to consider, according to Hibbard. If insurers don’t address the issue in ways that reduce the risk of grid failure, claims will rise exponentially.

This relationship cannot be discounted, as illustrated in South Africa, where the state-owned insurer stated openly in May 2023 that it would not cover claims should any collapse of the nation’s electricity system damage clients, Bloomberg and others reported.

“Currently, there are multiple components of the grid—specifically transmission and distribution assets—that are typically excluded from standard property coverages,” says William Hillman, president and CEO of Associated Electric & Gas Insurance Services (Aegis), a mutual insurer owned by the energy industry.

The Biden administration’s Inflation Reduction Act of 2022 includes several provisions that incentivize invesment in grid modernization and expansion, providing billions of dollars for various types of projects. Here are some key elements of the act.

Loan Programs:

  • Innovative Energy, Innovative Supply Chain, and State Energy Financing Institution Authority (Section 1703). Provides an additional $40 billion of loan authority for projects eligible for loan guarantees under Section 1703 of the Energy Policy Act of 2005. This opens up funding for a broad range of projects, including transmission lines, energy storage, and advanced grid technologies.
  • Energy Infrastructure Reinvestment Program (Section 1706). Creates a new program with $5 billion to guarantee loans for projects that retool, repower, or replace aging energy infrastructure. This can support grid modernization efforts like upgrading substations and distribution systems.

Tax Credits and Incentives:

  • Investment Tax Credit and Production Tax Credit. Extensions and expansions of these existing credits make clean energy projects, including transmission lines and energy storage, more financially attractive.
  • Clean Electricity Production Tax Credit and Clean Electricity Investment Tax Credit. These new credits, starting in 2025, offer increased tax benefits for clean energy projects located in disadvantaged communities and energy communities, further encouraging grid investments in often-overlooked areas.

Research and Development:

  • Funding for Advanced Grid Research and Development. The act allocates resources for research into next-generation grid technologies, aiming to improve efficiency, resilience, and integration of renewable energy.

Other Funding Sources:

  • State Energy Programs. The act provides increased funding for state energy programs, which could be used to support grid modernization and clean energy projects.
  • Department of Energy Grants and Programs. The DOE offers various grant programs and initiatives that could be used to fund specific grid projects.

While the Inflation Reduction Act doesn’t directly allocate specific sums to electric grid projects, it creates a more favorable financial environment for such investments through loans, tax credits, and research funds. The amount of money flowing into various grid projects will depend on specific project proposals and competition for funding. However, the act’s provisions have the potential to significantly boost investment in grid modernization and expansion, contributing to a more reliable clean energy future for the United States.

Fossil Fuels vs. Renewables

As of 2022, fossil fuels remained the majority source of U.S. electricity generation—roughly 60%, primarily natural gas and coal with a small sliver of petroleum, according to the EIA. That was followed by renewable sources at just over 20% of generation and nuclear slightly under that percentage.

The mix of U.S. energy sources is expected to shift significantly through the 2020s, with a strong trend toward renewable energy. As of 2022, the EIA predicted the share of renewables in the electricity generation mix to double by 2050, reaching 42%.

One big obstacle is the grid’s capacity to manage the growth and operations of the intermittent renewable power supplied by solar and wind—sources that don’t generate electricity on a continuous basis.

There is a substantial and increasing backlog of U.S. power generators seeking to connect their electrons to the grid. In 2022, more than 8,100 energy projects, primarily wind, solar, and batteries, still needed approval to connect to electric grids, compared to 5,600 a year earlier, The New York Times reported.

This backlog has overwhelmed the system known as interconnection, pressuring grid operators such as PJM Interconnection. These systems are not yet well suited to accommodate a massive new flow onto the grid of electricity generated by renewables—especially wind turbines or solar arrays. Advancing these applications can take years. For instance, the typical project completed in 2022 spent five years in the queue for interconnection approval compared to three years in 2015.

Private sector business owns and operates critical infrastructure and has duties to deploy cybersecurity best practices as well.
Derek Kilmer, associate managing director of professional liability, Burns & Wilcox

Hillman highlights the vast investments needed for upgrading the transmission systems to expand that infrastructure: “There’s a lot of execution risk around expanding those transmission lines. Again, you need the underwriting expertise to understand that risk. A lot of renewable assets are being developed in very remote areas where you need to cover a long distance to connect to the grid. Providing insurance coverage for those new risks will require both additional capital and energy-specific underwriting expertise.”

A bottleneck of this kind—resulting from the grid’s current condition—creates a disincentive for those investors and lenders who’d otherwise be working to roll their clean electrons through the grid and on to the end user.

There are also risks in the energy transition itself, largely connected to the shift from carbon-based fuel sources. Newer, emerging technologies need to be vetted and evaluated by engineers who understand them and the impact of loss events on their performance, Hillman says. Regarding risk, there still is what he calls “evolving exposure, both with change in how carbon generation assets are used as well as new technologies like solar, wind, battery, hydrogen, carbon sequestration which still need to establish a long-term performance track record.”

The shift to renewable energy includes several liability concerns.

  • Technological failures, malfunctions, accidents, or fires in renewable energy facilities could result in property damage, revenue losses, and safety hazards.
  • The complexity of renewable energy projects involving multiple stakeholders, technologies, and regulations poses a significant risk factor. Without proper planning and coordination among all parties, errors, delays, disputes, and quality issues generate cost overruns, legal liabilities, and reputational damage.
  • Contractual liabilities of insured parties are critical in renewable energy projects. Extensive liabilities may exist in maintenance contracts, requiring careful consideration to ensure adequate coverage.
  • Operational risks in renewable energy projects include personnel and equipment risks, cancellation costs, and testing and commissioning challenges, as well as operation and maintenance complexities.
  • Insufficient insurance coverage for physical damage or business interruption can leave energy companies liable for significant costs in repairs or lost business due to incidents like fires or storm-related calamities.

It’s all about “loss control engineering. You need to quantify the risk and provide responsive coverage, but it must be responsive coverage based on a premium that is financially responsible and sustainable in the long term, for both insured and insurer,” Hillman says.

Cyber Threats

Like all critical infrastructure, the grid is considered by government and industry to be a high-risk target for a potential cybersecurity incident. And the threat is no longer theoretical.

In one case, federal authorities confirmed in May 2021 that network disruption at pipeline system operator Colonial Pipeline was linked to a ransomware attack. The company halted pipeline operations for several days while it dealt with the incident.

“As we saw in the case of the Colonial Pipeline ransomware incident, any sort of disruption to our energy operations can quickly lead to panic and sow doubt amongst the broader public,” says Sara Sendek, managing director at FTI Consulting’s Cybersecurity & Data Privacy Communications practice.

That reaction is justified since the loss of access to power can be much more than an inconvenience.

The electric grid is the backbone of almost every part of the economy’s critical infrastructure. Utilities that own and manage that grid remain highly susceptible to damaging physical and digital attacks.

“Ransomware attacks routinely target energy companies because of the known need for rapid response and recovery,” says Brian Boetig, senior managing director in FTI Consulting’s Cybersecurity practice.

The U.S. government acknowledges that many actors (countries such as China along with criminal organizations and other non-state entities) could launch cyber attacks to disrupt grid infrastructure. The purpose could be to disrupt the nation or to force the victim to pay to resolve the attack.

An effective cyber attack “could result in catastrophic, widespread, lengthy blackouts and other loss of electrical services,” says Derek Kilmer, associate managing director of professional liability at wholesale insurance provider Burns & Wilcox.

Protecting the nation’s power grid is such a massive problem partly because of its physical and digital design. Kilmer is especially worried that current grid technology is built around industrial control systems—systems employed for operation or automation of industrial processes. As supplied by giant firms such as Siemens and ABB, these systems are too “reliant on the internet, which creates another point of potential entry and target for hackers,” he says.

 The integration of cheaper and more widely available devices into industrial control systems, consumer internet-of-things devices connected to the grid’s distribution network, and reliance on the Global Positioning System (GPS) for monitoring and controlling functions also contribute to cybersecurity risks for the electric grid.

Cyber attacks on industrial control systems have become a regular occurrence in recent years. Their vulnerabilities can include outdated network components and cybersecurity programs that fail to meet today’s best-practice expectations. Among the strategies to address this threat: comprehensive cybersecurity risk evaluations and credentialed vulnerability scans.

The Energy Department continues to look for ways to strengthen protection for the grid, including cyber preparedness, incident response and recovery, and deploying more resilient technology.

The Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) have both created security standards and deployed FERC incentives for advanced cybersecurity investment.

Kilmer hopes the federal government will continue working to “improve coordination, update laws and regulations, and create fewer complex controls, as well as software and hardware for the infrastructure. This would give hackers less entry points. Government can also address the architecture of the system”—creating more degrees of isolation to secure data away from public networks.

While the federal government has primary protection responsibilities, Kilmer notes, “Private sector business owns and operates critical infrastructure and has duties to deploy cybersecurity best practices as well.”

In a recent internal survey by The Council on cyber insurance, some respondents cited utilities among the business sectors that have had difficulty getting coverage. The overall demand for cyber coverage has skyrocketed, but insurance companies have tightened their requirements, raising the bar for cybersecurity controls that organizations must have in place.

There is ongoing discussion of whether the federal government should provide a backstop to private cyber insurance though no formal measures to date.

“If there occurred large-scale cyber attacks on critical infrastructure, for example, we would possibly be dealing with a catastrophic situation that affects society as a whole,” Chris Storer, head of the cyber center of excellence at Munich Re, said in a September 2022 article in Leader’s Edge. “For such a threat, there needs to exist a contingency plan that is accepted by all stakeholders, and that can only be ensured by government involvement.”

In its March 2023 National Cybersecurity Strategy, the White House committed to studying “how the government can stabilize insurance markets against catastrophic risk to drive better cybersecurity practices and to provide market certainty when catastrophic events do occur.”

A government backstop could help transfer the remote but potentially catastrophic cyber risks that private insurers cannot sustain on their own, making cyber insurance more viable.

The National Cybersecurity Strategy makes a direct connection between cybersecurity and the transition to clean energy. This shift will incorporate new, interconnected technologies such as distributed energy resources, smart energy generation and storage systems, and sophisticated grid management platforms in the cloud, the document says. Left unsaid is that greater interconnection means potentially higher danger.

Ransomware attacks routinely target energy companies because of the known need for rapid response and recovery.
Brian Boetig, senior managing director, cybersecurity, FTI Consulting

The Department of Energy is working with its national laboratories and other internal stakeholders to spearhead work “to secure the clean energy grid of the future and generating security best practices that extend to other critical infrastructure sectors,” the Cybersecurity Strategy says. “DOE will also continue to promote cybersecurity for electric distribution and distributed energy resources in partnership with industry, States, Federal regulators, Congress, and other agencies.”

Meanwhile, insurers can press utilities to be “cyber resilient,” meaning their organization can withstand, adapt to, and recover from cyber incidents while continuing to operate effectively. Practical action to address the grid’s risks would mean adopting cyber-resilient technologies.

Sophisticated firewalls: These network security elements monitor and control incoming and outgoing network traffic based on predetermined security rules. Advanced firewalls with features like deep packet inspection can detect and block sophisticated cyber threats.

Intrusion detection systems: These security tools monitor network traffic and system activities for signs of malicious activity or policy violations. They can help detect potential cyber attacks in real time and alert cybersecurity personnel, allowing for faster response.

Data encryption: Encrypting sensitive data, both at rest and in transit, can protect data from unauthorized use even if a cyber attack is successful. Robust encryption makes it much harder for attackers to extract and misuse critical grid data.

Taken together, these technologies create multiple layers of defense to withstand and recover from cyber attacks, enhancing the overall cyber resilience of the power grid.

There are also various ways by which the insurance industry can update its approach.

  • Insurers will need to evolve their coverage offerings to address new types of cyber risks associated with the electric grid. This may involve developing specialized cyber insurance solutions tailored to the unique challenges posed by attacks on critical infrastructure like the power grid.
  • Given the increasing volume of sensitive data managed and stored by the industry, insurers must prioritize data protection measures to safeguard against data breaches and cyber attacks.
  • Insurers must enhance their risk assessment capabilities to better understand and quantify the evolving cyber risks faced by companies invested in the electric grid. This may involve leveraging advanced risk modelling techniques and data analytics to assess and price cyber risks accurately.
  • Collaboration with cybersecurity experts, government entities, and other stakeholders will be essential for insurers to stay informed about emerging cyber threats and best practices for mitigating these risks effectively.
  • Insurers will need to review and update their policy language to ensure that both physical and non-physical losses resulting from cyber attacks are adequately covered. This may involve clarifying coverage for mandatory reporting, government inquiries, regulatory proceedings, fines, penalties, and other potential liabilities arising from cyber incidents.

Expertise and Capital Requirements

Will new insurance products emerge, or will old ones evolve, to try to meet the new grid-related demands? Hillman thinks “the size and scale of the new distributed generation will attract the underwriting expertise to evaluate it and the capital to provide the coverage.”

But he does have a word of caution: “If it is just bundled into an insurance policy for that site that is written by a commercial property insurer without energy expertise, that presents risk being assumed by parties who do not really understand the peril.”

The risks created by the distributed generation grid are also what Hillman calls “a very challenging exposure because of their correlated nature.”

When a catastrophic event takes out power for a specific area, there is likely to be accompanying property damage, which means there is additional loss on top of what has resulted directly from the catastrophic event. Hillman thinks that “there probably is insurance capital that’s willing to deploy and assume that risk, but it comes at an additional cost. That is the challenge of any new product: the insured wants to transfer that risk and that volatility. But do they want to transfer it at the premium that the insurer will demand to assume it?”

More in P&C

Council Q3 2024 P/C Market Survey Results
P&C Council Q3 2024 P/C Market Survey Results
More premium increase moderation, but umbrella sees effects of social inflation....
P&C Weathering Cyber Storms
Q&A with Joshua Motta, CEO and Co-Founder, Coalition
Certified Cybersecurity
P&C Certified Cybersecurity
HITRUST certification can give small to medium-sized businesses peace of mind th...