Cybersecurity and the grid: How bad is it and how do we make it better?

Tools

The U.S. Senate's energy panel did a status check Tuesday on actions taken to ensure the electric grid is protected from cyber-attacks. The hearing came as lawmakers are poised to consider yet another round of cybersecurity legislation.

 

Testimony we heard about cumbersome processes and the inability to react quickly didn't sound too promising, but you can read the excerpts below or scan the full testimony here and decide for yourself.

 

GAO – threats are evolving and growing

Gregory C. Wilshusen, Director of Information Security Issues with the Government Accounting Office (GAO), noted that threats to systems supporting critical infrastructure—which includes the electricity industry and its transmission and distribution systems—are evolving and growing. He pointed out that the increased reliance on IT systems and networks exposes the electric grid to potential and known cybersecurity vulnerabilities, including:

·         An increased number of entry points and paths that can be exploited by potential adversaries and other unauthorized users

·         The introduction of new, unknown vulnerabilities due to an increased use of new system and network technologies

·         Wider access to systems and networks due to increased connectivity

·         An increased amount of customer information being collected and transmitted, providing incentives for adversaries to attack these systems and potentially putting private information at risk of unauthorized disclosure and use

Ohio utility commissioner – close coordination is essential

Todd A. Snitchler, chairman of the Ohio PUC, told senators that protecting the electric grid is going to take coordination at all levels of government. As he put it:

"In the critical 'golden hours' after a possible new developing threat is detected, or immediately following an event, it may not always be clear what is actually happening or why. For this reason, close coordination between the utility sector and the cyber sector is essential to the response. As the State public utility commissions have traditionally served as the gateway to the utility sector and have their own independent core of expertise and relationships key to understanding, in real-time, events affecting that plant, close coordination among the operators of our cyber networks, the Federal government, and State homeland security partners, including State utility commissions, is essential. Resolving cybersecurity issues will require significant efforts on the parts of all of us, not just one or two of us. We all are part of the solution."

 

What's next?

There is cybersecurity legislation currently pending in Congress – and apparently more twists and turns on the way. Click the headlines below to get up to speed:

·         The Hill - Bingaman to push for expanded oversight of power grid in cybersecurity bill

·         Businessweek - Lieberman seeks cybersecurity changes to add Senate votes

·         National Journal - 5 reasons why cybersecurity is a tough nut to crack

 

What do you think needs to happen? Use the Talk Back comment form below to share your thoughts.