|
Videos
December 7, 2011 By Mike Barton
Securing the nation’s electric grid is already a top priority in Washington, and with the grid growing smarter it is expected to become even more vulnerable, pressing the bigger question of which agency will manage it.
The Massachusetts Institute of Technology’s (MIT) Energy Initiative released a comprehensive report this week, The Future of the Electric Grid, and among the recommendations is that a single agency take charge of securing the nation’s grid.
“As communications systems expand into every facet of grid control and operations, their complexity and continuous evolution will preclude perfect protection from cyberattacks,” the report says in its findings.
Mark Weatherford, now deputy undersecretary for cybersecurity at the U.S. Department of Homeland Security (DHS), noted in a column for Government Technology in April that a Forrester Research analyst, Unman Sindhu, called the “smart grid ‘the cloud computing of the utility industry.’” Weatherford added that “with the evolving nature of cybersecurity in the cloud arena, that alone should give us pause.”
MIT’s report concurs, but with refrain. "Despite alarmist rhetoric, there is no crisis here. But we do not advise complacency," the report says. A key recommendation to not sit idle: That the federal government “designate a single agency to have responsibility for working with industry and to have the appropriate regulatory authority to enhance cybersecurity preparedness, response and recovery across the electric power sector, including both bulk power and distribution systems.”
The report notes that while recent proposals by the U.S. House of Representatives and the Senate Energy Committee would designate an agency to watch over the electric grid’s cybersecurity, the Barack Obama administration “seems to have given more weight to the DHS’ broad expertise in cybersecurity and its multisector responsibility, while the Congress seems to have given more weight to [the Department of Energy] and [Federal Energy Regulatory Commission’s] specific knowledge of the electric power industry.”
“There is currently no national authority for overall grid cybersecurity preparedness. FERC and [the North American Electric Reliability Corp. (NERC)] have authority over cybersecurity standards development and compliance for the bulk power system, but there is no national regulatory oversight of cybersecurity standards compliance for the distribution system,” the report states.
“Compliance with standards does not necessarily make the grid secure,” the report posits.
A spokeswoman for NERC, Kimberly Mielcarek, said, "We would ... welcome one agency being in charge should an emergency arise — which agency that is would be up to Congress to decide and we wouldn't speculate on who it should be."
Rep. Dan Lungren (R-Calif.), who chairs the House Homeland Security's Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee, is expected to introduce a bill next week that would designate the DHS as the lead agency for securing the nation’s critical infrastructure, including the electric grid.
Lungren opened a subcommittee meeting [http://homeland.house.gov/hearing/subcommittee-hearing-hearing-draft-legislative-proposal-cybersecurity] Tuesday, Dec. 6, on cybersecurity saying: “Congress needs to act to improve our cyberdefenses by designating the responsible agency in government to coordinate defense of the government networks.”
“We agree with the administration that the Department of Homeland Security is the appropriate agency to lead this effort and protect our critical information infrastructure. My bill codifies DHS’ cyber roles and responsibilities,” he said
“The cyberthreat must be addressed in partnership with the private sector, which owns most of the country’s critical infrastructure. This will require establishing ‘a true trusted partnership’ between government and the private sector,” he told the hearing on Tuesday.
Lungren does not expect that his bill will be voted on this year.
You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Security-Grid-Demands-Single-Federal-Agency.html
Collaborative Justice: Transforming Criminal Justice Services Through Unified Collaboration
Cloud-Based Services Accelerate Public Sector Adoption of Video Collaboration
Yes, the distribution systems also need protection. Imagine a hacker learns how to "adjust" the remote-read electric meters. By artificially lowering the readings on many neighbors of an "enemy", the hacker could up the reading of the target over several months (keeping the total substation load equal to the real total load), then call in an anonymous tip to the drug task force that "hey, man, they're growing weed in their basement." Nothing earth shattering for the network, but devastating to a family that has to go through the legal system to prove their innocence.
Mark Weatherford is a good fit for his new role and hopefully will look to Joe Weiss and others like him for advice. One major problem that needs to be addressed in the cyber security arena, similar to other disciplines, is the critical need to set requirements wherein cyber security staff in the IT and SCADA realms, have the requisite training, experience and qualifications, and have thorough background checks. This is especially needed in government owned and operated utility type organizations. Finally, regular internal and external compliance audits of cyber security planning and operations should be manadatory. Whether FERC, NERC or DHS is designated the lead agency, all three should be teamed together to leverage expertise and authorities.
Somehow this fairytale of centralizing 'genius' gov't. is being accepted without conscience of what happens when such policies are pursued. Throughout history it is proven that when policies are taken out of the hands of the people at the local level, the incremental wave of tyranny appears. We're constantly wrestling with Congress to do the right thing and now there are those that advocate the single-face power grabbing agencies to have kontrol of our lives? Think again. Real hard.