Abstract: The North American Bulk Power System ("BPS") is perhaps the most vital of our critical infrastructures. The country's economy and national security depend on the BPS remaining resilient.  BPS owners and operators have learned from experience to prepare for, respond to, and recover from "normal" emergency events. They are, however, much less prepared to respond to and recover from high impact, low frequency events.  Geomagnetic disturbances and kinetic cyberattacks may cause damage so catastrophic that afterwards complete restoration of BPS operations might not be possible. The North American Electric Reliability Corporation (NERC) refers to such occurrences and consequences as "Severe Events". Knowing that disruption of a national grid can produce extraordinary damage to a country's economy and social fabric, how might a cyber adversary exploit the vulnerabilities in the BPS to cause a "Severe Event"?  How much of the North American grid might remain seriously degraded for months or years thereafter?  What preparations are BPS owners and operators making to be ready to mitigate the damage and manage an orderly and efficient recovery?  If commercial companies and critical infrastructure firms are not apprised of the details of such recovery plans, will their own contingency plans leave them ill-prepared to cope with a Severe Event?  Will their domestic transactions and cross-border deals survive the uncertainties of long periods of interrupted communications, delayed production, missed delivery dates, and unreliable albeit good-faith assurances? We will explore those questions in light of a few salient facts.  Cyberattacks are becoming increasingly sophisticated, destructive, and stealthy.  They may even be capable of impairing the situational awareness of BPS control rooms and Board rooms.  The grid's aging heavy equipment and the ongoing deployment of "smart grid" technologies are expanding the vulnerabilities and attack surfaces far beyond what any BPS company can defend.  As a result, it may be that critical infrastructure companies need to recognize that they have emergent corporate cyber responsibilities that include readiness to recover from "Severe Events". 

Bio: Roland Trope is a partner in the New York City offices of the U.S. and Dutch law firm of Trope and Schramm LLP and an Adjunct Professor in the Department of Law at the U.S. Military Academy at West Point, where he has been teaching since 1992.  Mr. Trope lectures in USMA's Departments of Electrical Engineering and Computer Science, Civil and Mechanical Engineering, and Systems Engineering where he teaches intellectual property, project management, and ethics.  He serves on the American Bar Association Task Force on Cybersecurity, is Co-Chair of the Subcommittee on Cybersecurity for the ABA’s Cyberspace Law Committee, is on the Supervisory Board of IEEE Security & Privacy and previously served on its Editorial Board.  Mr. Trope advises on government procurement, protection and licensing of intellectual property, cross-border tech transfers, export controls, economic sanctions regulations, anti-corruption laws, cyberspace law, and cybersecurity. Mr. Trope has written more than 25 articles and co-authored two law books published by American Bar Association.