LG&E here in Lexington is starting to restrict access to detailed AMI data citing cybersecurity concerns. They're claiming that providing 15-minute interval data in CSV format could create security vulnerabilities in their smart grid infrastructure. This is making it much harder to perform thorough billing audits for our commercial clients. Anyone else running into utilities using cybersecurity as an excuse to limit data access? I'm wondering if this is going to become a widespread trend that undermines our audit capabilities.
AMI cybersecurity concerns affecting audit rights?
Oz, we're seeing the same pushback from CPS Energy here in San Antonio. They moved to a new "secure portal" system that only provides summary data unless you jump through multiple approval hoops. The irony is that the data they're "protecting" is the customer's own usage information. We've had some success arguing that cybersecurity restrictions can't override customer rights to their billing data. The Texas PUC has been supportive of our position, but it's definitely slowing down audit timelines.
National Grid here in Syracuse has implemented similar restrictions. They claim that detailed interval data could be used to reverse-engineer their AMI network topology. It's frustrating because we need that granular data to identify billing anomalies and demand optimization opportunities. We've started including cybersecurity compliance language in our client agreements to address utility concerns while maintaining audit rights. The key is demonstrating that we have adequate data protection measures in place.
Puget Sound Energy in Tacoma has been reasonable about this. They require auditors to complete a cybersecurity training module and sign additional confidentiality agreements, but they still provide full interval data access. The training actually helped me understand their legitimate security concerns - AMI data can reveal operational patterns that could be exploited by bad actors. I think the solution is better security protocols, not restricted access. We need to work with utilities to develop standards that protect the grid while preserving audit rights.
This is a critical issue that AAUBA needs to address proactively. MLGW here in Memphis has been transparent about their cybersecurity measures without restricting legitimate audit access. The key is establishing industry standards for auditor cybersecurity compliance. I've been working with other board members to develop guidelines that utilities can adopt nationwide. We need to demonstrate that professional bill auditors are part of the solution, not a security risk. Our expertise in identifying unusual usage patterns actually helps utilities detect potential cyber intrusions.
Randy, that's exactly what we need. LG&E's restrictions have cost our clients thousands in potential savings because we can't perform detailed load analysis. The cybersecurity argument falls apart when you realize that the same data is available to customers through their online portals - often with weaker security than professional auditors maintain. We need AAUBA to push for standardized cybersecurity protocols that preserve audit rights while addressing legitimate utility concerns.
TVA here in Huntsville has struck a good balance. They require auditors to use their secure FTP system for data transfers and maintain logs of all access, but they don't restrict the level of detail provided. The additional security measures add about 30 minutes to each data request, but it's worth it to maintain full audit capabilities. I think utilities are realizing that experienced auditors are actually allies in maintaining grid security - we're often the first to spot unusual patterns that could indicate problems.
Diana makes a good point about auditors serving as an early warning system. We've identified several cases where unusual interval data patterns led to the discovery of meter tampering or equipment malfunctions. CPS Energy has started viewing our audits as a quality assurance service rather than a threat. The key is educating utility security teams about what professional auditors actually do with their data and how our analysis helps maintain system integrity.
OG&E here in Oklahoma City initially restricted AMI data access but reversed course after we demonstrated our cybersecurity protocols. We now have a streamlined process that provides full interval data within 48 hours of request. The utility actually benefits from our analysis - we've identified billing system errors that saved them money and helped improve customer satisfaction. It's a win-win when utilities view auditors as partners rather than adversaries.
Susan's partnership approach is the right direction. National Grid has started sharing anonymized system-wide data with qualified auditors to help identify billing trends and anomalies. This collaborative approach improves billing accuracy for all customers while maintaining security. We're seeing fewer individual billing disputes because systematic issues are caught and corrected proactively. The cybersecurity concerns are legitimate, but the solution is better security practices, not restricted access.
Great points everyone. I'm pleased to announce that AAUBA has finalized our Cybersecurity Standards for Utility Bill Auditors document. It establishes baseline security requirements that utilities can reference when developing data access policies. The standards cover data encryption, access controls, audit trails, and incident response procedures. We're already seeing positive responses from utilities who appreciate having clear guidelines. This should help eliminate the arbitrary restrictions some of you have been facing while maintaining appropriate security measures.