Virtually every day our nation is under attack. Instead of using bombs and guns, these attackers use computers, but their ability to disrupt our daily lives should not be taken lightly. Even in a difficult budget environment, the protection of our critical infrastructure, and particularly of our nation’s electricity delivery system, is one of the best places to invest the appropriate levels of resources and skill to ensure that cyber attackers are never able to grind our economy to a halt. Failure to do so threatens our economy and our national security.
While legislators on Capitol Hill have been seeking to address cyber security threats for years, no legislation has gained enough traction on Capitol Hill in order to become law. A renewed legislative effort in this area is now underway with both the Senate Homeland Security Committee and its companion House committee considering potential cyber security legislation. The potential success of these latest efforts is unclear at this point.
So why is this an energy issue? Because among the most potent conceivable cyber attacks would be a successful intrusion to our electricity grid. Fortunately, no attacks have been successful—yet. But that shouldn’t lull Congress into inaction on this issue.
Successful attacks on critical infrastructure control systems have occurred in other countries, making this threat more than just the plot from a Hollywood movie. Action is best taken now, rather than later, when the costs of an interruption to our nation’s electric power supply could be incalculable.
Along these lines, it was encouraging to hear the Department of Energy’s announcement earlier this January of a collaborative effort with the Department of Homeland Security to defend against the mounting cyber threats to the nation’s electrical grid. The Electric Sector Cyber Security Risk Management Maturity Project (the “Maturity Project”) purports to leverage the insight of public sector experts with private industry expertise to build upon existing cyber security measures and strategies. The goal is to create a comprehensive and consistent approach that will serve to protect the nation’s electricity delivery system from cyber attack. While the ultimate success of this effort remains to be seen, the foundation of a public/private partnership upon which the effort is based is commendable and will hopefully serve as a model for pending efforts by Congress to act to defend our nation against cyber threats.
Some of the stalled legislative proposals on Capitol Hill have implied that the government can solve our cyber security vulnerabilities in a top-down regulatory fashion, however, the Maturity Project instead recognizes the substantial value that private industry can bring to the table when seeking to defend our critical infrastructure from cyber incursions. The private sector has built, operates, and maintains the majority of the electricity delivery infrastructure in America – one of the greatest machines on Earth. Thus, it is imperative that the human capital most familiar with these complex and expansive facilities be consulted both to harden long-term defenses against perceived vulnerabilities, as well as when an imminent cyber threat to the electric grid is detected by government intelligence agencies. Only such a partnership will ensure that the most appropriate resources are focused where they can add the most value toward protecting our electric delivery infrastructure.
Further, it is vitally important that government agencies provide private industry with credible, specific, and actionable information relating to imminent or ongoing cyber attacks that may compromise the reliability of the electric delivery system. The protection of our economic viability and national security is far too important for relevant information to be classified and held by those whom are powerless and without the technical knowledge to take effective, protective action. The Maturity Project will best serve its stated goals by ensuring that the lines of communication between government and the private sector are opened – and remain open – to address cyber security challenges immediately upon their emergence. Congress will be well-served to build upon this model in its efforts to codify national cyber security protections.
We all hope that we will never have to read about the impacts of a significant, cyber-related interruption to our nation’s power supply. Hopefully a continued emphasis on the development of effective public-private partnerships will prevail in lieu of a heavy-handed, top down, and immediately outdated regulatory framework. Only a true partnership against cyber threats will succeed in leading the relevant government and industry stakeholders at least one step further down the path toward a smart – and secure – electrical grid.