Industry, government team up to protect electric grid from cyber security threats
As part of National Cybersecurity Awareness Month in October, utilities, government and businesses are working together to ensure the country’s electric grid is safe from cyber threats, while making sure that consumers have the tools they need to stay secure online.
With the theme of this year’s campaign being “Own it. Secure it. Protect it,” security experts, utility officials, information system leaders and infrastructure security professionals are urging individuals to learn about what they can do to promote online safety, including taking proactive steps to enhance cybersecurity at home and at work.
“Our utility systems – including electric, natural gas, water, telecommunications and transportation networks – are keys to keeping our communities safe and productive, which makes them prime targets for bad actors,” Pennsylvania Public Utility Commission Chairman Gladys Brown Dutrieuille said in a statement. Brown Dutrieuille also chairs the Critical Infrastructure Committee for the National Association of Regulatory Utility Commissioners (NARUC). “We all play a role in cybersecurity, at home, at work, educating ourselves about ever-evolving cyberthreats and taking steps to #BeCyberSmart.”
According to the U.S. Government Accountability Office (GAO), the country faces significant cybersecurity threats from criminals, terrorists, other countries, hackers and hacktivists who try to infiltrate companies’ industrial control systems.
“The grid is becoming more vulnerable to cyberattacks — particularly those involving industrial control systems that support grid operations,” the GAO said in its report. “The increasing adoption of high-wattage consumer Internet of Things devices — ‘smart’ devices connected to the internet — and the use of the global positioning system to synchronize grid operations are also vulnerabilities.”
“Although cybersecurity incidents reportedly have not resulted in power outages domestically, cyberattacks on industrial control systems have disrupted foreign electric grid operations. In addition, while recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, the scale of power outages that may result from a cyberattack is uncertain due to limitations in those assessments,” the report continued.
Addressing those risks faces some challenges, the report said, among them hiring a sufficient cybersecurity workforce and limited public-private information sharing.
Protect Our Power, a national not-for-profit organization whose mission is to strengthen the reliability and resilience of the U.S. energy grid, said the country is under attack.
“Serious threats to America’s infrastructure, particularly to the electric grid, have grown significantly in recent years,” said Jim Cunningham, executive director of Protect Our Power. “Virtually every facet of our society and our economy is dependent upon reliable electricity supplies … While we don’t see graphic images flashing across television screens, the harsh reality is that our nation is under attack. Cyberattacks against vital elements of our critical infrastructure occur by the thousands on a daily basis. In the electric sector, we continue to discover that successful intrusions compromising industrial control systems and disrupting the ability of digital systems to communicate with one another are taking place.”
Protect Our Power is working with elected and regulatory officials across the country to raise awareness of the issue, as well as find potential solutions, the organization said. The organization has also commissioned several studies to find gaps in regulatory policies and supply chain vulnerabilities.
In August, the Pennsylvania PUC hosted a utility Cyber Summit in Harrisburg to bring together more than 140 professionals from across the country to discuss the latest threats directed at critical infrastructure and to address cybersecurity best practices, cybersecurity resilience planning and cybersecurity auditing, controls and risk management.
The summit is part of an ongoing effort to help ensure utilities are protected. A new suite of cybersecurity resources released this summer by NARUC, including a Cybersecurity Manual, will help to better equip public utility commissions to deal with the threats.
“The more our state public utility commissions are educated about cyber issues, the better we are able to evaluate current challenges and target future enhancements,” Brown Dutrieuille said.
According to the Edison Electric Institute (EEI), utilities, businesses and government officials have joined forces to ensure the industry can thwart cyberattacks.
“Information sharing among distribution owners, operators, vendors, service providers, and government agencies regarding threat and vulnerability identification and monitoring, incidents, responses, and recovery efforts is needed to prevent cybersecurity incidents from spreading,” EEI said in a report on cybersecurity preparedness. “This is crucial for managing cybersecurity risks that may be present in hardware, software, or third-party services. Addressing supply chain security is a challenge facing the nation and all critical infrastructure providers, but is a priority that is integral to the protection of cyber systems deployed throughout the energy grid.”
EEI said its members, which include all U.S. investor-owned electric companies, invested more than $60 billion in 2018 to enhance the nation’s energy grid and support grid security efforts.
