Electrical Power Grid Vulnerable to Cyber Threats

CIO — With a possible debate on cybersecurity legislation looming in the Senate, energy regulators on Tuesday warned lawmakers of the pressing threats facing the nation's power grid.

Appearing before the Senate Committee on Energy and Natural Resources, a panel of witnesses stressed that any bill the full chamber approves must provide for a more fluid system of sharing information about cyber threats, both between public and private entities and between federal and state and local authorities.

"We're often challenged by the lack of information," said Gerry Cauley, president and CEO of the North American Electric Reliability Corporation. "And this is where in cyber the partnership between industry and government in terms of information to help us understand those risks and to be able to adapt to them is very important."

Gregory Wilshusen, director of information and technology at the Government Accountability Office, said his agency recently evaluated the Department of Homeland Security's practices of sharing threat information with the private sector and found it wanting. Too often, Wilshusen said, the department was only providing overly broad information or waiting too long to issue threat warnings.

"In many cases the information was not actionable, not timely," he said.

Tuesday's hearing comes as senators on both sides of the aisle have been pressing for a floor debate to consider the various proposals for cybersecurity legislation ahead of the August recess.

Senate Majority Leader Harry Reid (D-Nev.) has indicated that he would like to bring a bill to the floor this year, and possibly in the two remaining weeks before the break, but time is running short to forge a compromise measure that resolves some of the key differences over issues such as additional regulations and expanded government authorities.

Those divisions were on display at Tuesday's hearing, where committee Chairman Jeff Bingaman (D-N.M.) signaled that he intends to renew efforts to advance a bill that would vest the Department of Energy and the Federal Energy Regulatory Commission (FERC) with greater authority to oversee the electric industry in a bid to strengthen security.

Versions of that legislation passed the committee unanimously in 2010 and 2011, and its provisions could get folded into a sweeping cybersecurity reform bill backed by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) that would expand the authorities of the Department of Homeland Security to regulate the security defenses of critical infrastructure operators in the private sector.

Reid has indicated that that bill, likely in a revised form, will be the legislation that will come to the floor, at which point a slew of amendments are expected to be offered, perhaps including one containing Bingaman's energy-sector provisions.

Continue Reading