Cybersecurity

DOE wants $15 million more for securing the grid

Shutterstock image (by gyn9037): High voltage towers, electricity infrastructure.

The Obama administration wants to put another $15 million toward bolstering the physical and cybersecurity of the country's electricity grid. The funding, if approved by Congress, would concentrate on community-owned utilities and electricity cooperatives, which generally have less money to spend on cybersecurity than bigger, investor-owned utilities.

The money would be distributed over three years and support programs run by two groups that represent local utilities: the American Public Power Association and the National Rural Electric Cooperative Association. The work would include developing security tools and training programs to improve security culture for APPA and NRECA members, the Energy Department said in a news release.

"An example of a weak point for us is the varied nature of the electricity sector," Deputy Energy Secretary Elizabeth Sherwood-Randall said July 12 at a Bloomberg Government event. "We have major investor-owned utilities with significant resources; we also have smaller utilities."

She added that the government and the utility industry had learned a great deal from the cyberattack that hit the Ukrainian electricity grid in December, which plunged some 225,000 people into darkness. Some analysts have blamed the attack on Russia, and the hack influenced proposed legislation that would segment parts of the U.S. grid into safe havens devoid of digital entry points.

The legislation, introduced in June by members of the Senate Select Committee on Intelligence, would establish a two-year pilot program at DOE's national laboratories to identify new security vulnerabilities in parts of the grid whose compromise could threaten public safety or national security. The $10 million program would support research and implementation of improved platforms, including "analog and non-digital control systems."

Patricia Hoffman, an assistant secretary of Energy, told Congress on July 12 that DOE supports the bill's goals. Although many power companies conduct vulnerability assessments, "there still may be a gap where the DOE national laboratories should partner with industry" in that regard, she told the Senate Energy and Natural Resources Committee's Energy Subcommittee.

Hoffman advised lawmakers to use the legislation to strengthen the Electricity Sub-Sector Coordinating Council, a government/industry forum for bolstering grid security. ESCC works with the Electricity Information Sharing and Analysis Center (E-ISAC), a hub for disseminating cyberthreat information to the utility industry.

Duane Highley, CEO of the Arkansas Electric Cooperative Corp., told lawmakers E-ISAC needed fine-tuning.

"It's working well, but it could work even better," he said. "We would like to see stronger communications and more timely information flowing from government."

Reg Harnish, a cybersecurity consultant with clients in the utility industry, told FCW that some organizations struggle to use cyberthreat intelligence from the government.

"Most organizations cannot act on intelligence no matter how relevant it is," said Harnish, CEO of GreyCastle Security. "In addition, threat intelligence is easily compromised by our adversaries generating digital 'noise.'"

Nonetheless, government officials are engaged in a two-pronged effort to brief utility executives on classified threats and more quickly declassify threat information for public consumption. The effectiveness of those initiatives will shape how prepared the utility industry is for a sophisticated cyberattack.

Meanwhile, threats to the grid continue to surface. Researchers at SentinelOne, an endpoint protection firm, recently uncovered potent malware targeting a European power company. The researchers believe the attack is backed by a nation-state.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

Reader comments

Wed, Jul 20, 2016

$15m or $15 billion? - seems a lot of talk if it is only $15 million!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group