How cyber info sharing helps keep the lights on

Public-private cyber threat information sharing is critical to keeping the lights on, representatives of the electricity sector told members of Congress.

During a lengthy hearing on the industry's response to cyber threats, members of the Energy and Power Subcommittee of the House Energy and Commerce Committee repeatedly asked panelists from industry what Congress can or should do to help the industry protect against cyberattacks.

Panelists said that the electricity sector continues to improve its resistance and resilience to cyberattacks, and a key component of that is information sharing.

They told members that the 2015 Fixing America's Surface Transportation Act provided a great deal of clarity for the industry on how to respond to an attack, and the industry isn't looking for anything revolutionary out of Congress right now.

"Legislatively, the framework, we feel comfortable with," Gerry Cauley, president and CEO of the North American Reliability Corporation, told FCW after the hearing.

He said that there is a strong culture of information sharing in the electricity sector and that industry is largely satisfied with structures such as the Cybersecurity Risk Information Sharing Program and other mechanisms for sharing information with the Department of Homeland Security, the FBI and the Department of Energy.

"We're more interested in continuity in the new administration to make sure we're able to continue building off that," he said.

He and other panelists said that the government must find ways to better share classified cyber threat data with industry and that the government can do more to ensure the confidentiality of data shared by industry.

"Continuing to knock down barriers to information sharing, I think, supporting industry efforts with research and development and … looking at creating the next generation of cyber professionals are all really important roles that industry and government can play together," said Scott Aaronson, executive director of security and business continuity at the Edison Electric Institute, after the hearing.

While panelists said that the electricity sector is more protected and resilient than other infrastructure sectors, they said the threat vectors only continue to increase with the proliferation of new technologies and devices such as smart thermostats, refrigerators or other internet-of-things devices.

"One such example is the strong push to update distribution networks through the installation of smart meters, which have the potential to be remotely accessed by adversaries," Chris Beck, chief scientist and vice president for policy with the Electric Infrastructure Security Council, said in his written testimony. "This could provide a new cyberattack path to the distribution utility." He also warned that the global supply chain for hardware and software is another growing threat vector.

Panelists warned that while there are steps government can take, such as working on cybersecurity standards for devices, it must not constrain the electricity industry.

"As flexible and risk based as our standards are, I firmly believe that we cannot win a cyber war with regulations and standards alone," Cauley said. "Industry must be agile and continuously adapt to threats."

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

