Cybersecurity

What should the military do when the lights go out?

Shutterstock image (by gyn9037): High voltage towers, electricity infrastructure. 

A House bill would direct a cross-department effort to examine how a cyberattack on the nation's electric grid would affect military readiness.

The Securing the Electric Grid to Protect Military Readiness Act of 2017, introduced by Rep. Jacky Rosen (D-Nev.) on Sept. 27, directs the secretaries of defense, energy and homeland security as well as the director of national intelligence, to deliver a report to Congress within 90 days that would identify significant cybersecurity risks to defense critical electric infrastructure, assess how the readiness of the armed forces would be affected by a cyber attack, weigh the pros and the cons of isolating military infrastructure from the national electric grid and make recommendations to Congress about how best to eliminate or mitigate those risks.

"We must take every step necessary to modernize our electric power grid and protect our military assets from malicious cyber-attacks," said Rosen in a statement.

The measure is looking to explore the impact of multiple threats, including significant efforts to degrade or disrupt technology systems or networks, data theft, malware, distributed denial-of-service attacks, industrial espionage and influence operations.

A Senate version of the legislation was offered on Sept. 12 by Sens. Elizabeth Warren (D-Mass.) and Thom Tillis (R-N.C.). Separately, Sen. Angus King (I-Maine) introduced the Securing Energy Infrastructure Act of 2017, which would establish a working group to develop a national cyber strategy for protecting the electrical grid along with a two-year pilot program within the Department of Energy to identify and combat cybersecurity vulnerabilities in the energy sector. That bill was eventually inserted into the Senate's 2018 Intelligence Authorization bill, which has been introduced but has not yet received a vote.

Before leaving office, the Obama administration released an action plan in December 2016 on securing the electric grid with a host of recommendations, including building increased resilience measures into the grid network, better coordination with nations like Canada who share electrical resources, establish a grid monitoring system and a better trained workforce.

The Trump administration followed that up with an Executive Order in May 2017 directing the Secretaries of Energy and Homeland Security and the Director of National Intelligence to assess the implications of a "prolonged power outage associated with a significant cyber incident" and how the nation might respond to an attack.

Publicly-known instances of attacks on the nation's power grid by malicious actors are exceedingly rare. A website started in 2013 by an anonymous information security researcher called Cybersquirrel1 tracks and categorizes all public, unclassified instances of disruption and damage to power grids around the world. Out of the 2,111 attacks listed worldwide on the site, just three were later determined to be caused by nation-state actors. The remaining 2,108 disruptions were caused by squirrels, birds, snakes, jellyfish and other animals.

About the Author

Derek B. Johnson is a staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group