Cyber risks loom for energy sector
- By Mark Rockwell
- Oct 04, 2017
The potentially catastrophic cyber threat looming over the U.S. critical infrastructure is potentially worse than a busy hurricane season according to a key Department of Energy infrastructure security official.
"The most worrisome threat we face in the energy sector is cyber," said L. Devon Streit, deputy secretary, infrastructure security and energy restoration at the agency's Office of Electricity Delivery and Energy Reliability.
In remarks at an Oct. 4 Intelligence and National Security Alliance (INSA) panel on cybersecurity and infrastructure, Streit said that this risk assessment will be backed up by a forthcoming Energy Department report. The report, in its final stages of approval at the agency, compares the relative dangers and impacts of hurricanes and natural disasters against the dangers and impacts of cyberattacks.
"Cyber is at the top of the list," she said.
The conclusion that cyber threats are mounting against energy plants and any of the mostly privately owned U.S. critical infrastructure isn't a surprise, and alarm bells have been ringing.
In August, the White House National Infrastructure Advisory Council advisory group recommended the U.S. establish separate communications networks to support critical systems and take steps to rapidly declassify cybersecurity threat information so that front-line infrastructure operators can use it to defend against attacks.
"There is a narrow and fleeting window of opportunity before a watershed, 9/11-level cyberattack to organize effectively and take bold action," the report stated.
Other experts on the INSA panel -- Cal Bowman, deputy director of the Maryland Governor's Office of Homeland Security, and Isaac Janak, cyber security program manager for Virginia -- shared Streit's urgency.
Bowman and Janak noted that states can have diverse approaches to help protect against critical infrastructure cyber threats.
Maryland, said Bowman, like many states is developing ways to address the cross-cutting issue of cybersecurity at its agencies and in the state's critical infrastructure providers. Virginia, he said, has developed an extensive cyber capability through the state's National Guard operations, which developed the Guard's first "cyber brigade" that monitors its networks.
All panel participants noted that protecting critical infrastructure at the federal and state level is a complex job that depends not only on the interplay between state and federal officials, but on private industry.
Information sharing among the public and private sectors, they said is critical to the effort.
The Department of Energy, said Streit, has been working on specific programs to do that, including the Cybersecurity Risk Information Sharing Program and the Cybersecurity for the Operational Technology Environment. A pilot is also underway that will set a path for two-way data sharing and analysis within the complex operational technology environment, an area where energy utilities currently don't have mature tools for threat detection.
The pilot looks to better define how threat data from OT networks is set up, from determining what to monitor, how to collect and process data to how to share sensitive data while protecting privacy. DOE said the results from pilot will inform development of a repeatable, standard approach that the energy industry can use for real-time operational threat data sharing and analysis.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.