Administration addresses power grid weaknesses
Smart-grid cybersecurity standards are under way
- By Alice Lipowicz
- Apr 17, 2009
The Obama administration has stepped up the pace in recent weeks to set cybersecurity standards for smart-grid technologies funded by the economic stimulus package. Those activities coincide with reports that foreign cyber spies have already hacked into the nation’s electricity distribution system.
The Energy Department will distribute $4.5 billion in stimulus funds to help develop intelligent electricity distribution networks. But experts are warning that the so-called smart grids might be vulnerable to cyber attacks.
Adding urgency is a media report from April 8 that foreign hackers, possibly from China or Russia, have embedded malicious software in existing electric grids, and the code apparently could be activated for destructive purposes at a later date.
“The federal government needs to be doing a whole lot more than it is doing,” said Joseph Weiss, a cybersecurity expert who recently testified to the Senate. For a start, Congress ought to grant the Federal Energy Regulatory Commission expanded authority beyond interstate-only infrastructure to include regulating cybersecurity for state and local electric grids, Weiss said.
To help counteract threats, the National Institute of Standards and Technology announced April 14 an aggressive three-phase program to develop critical technical standards for the smart grid by year’s end. On March 19, FERC announced a policy statement and action plan, too. NIST will hold a stakeholders’ meeting for the standards road map May 19 and 20 in Washington.
FERC and the power industry have been working together but still need to do more to ensure cybersecurity, said James Lewis, director of technology and public policy at the Center for Strategic and International Studies.
“For years, cybersecurity has been at the bottom of the regulatory priorities,” Lewis said.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.