Strong government-industry partnerships keeping electric grid secure
PHILADELPHIA – Federal officials and energy industry leaders this week discussed the importance of government-industry partnerships and information sharing for protecting U.S. energy infrastructure and ensuring reliable electric service.
“We’re bored of talking about information sharing at this point, but in reality, it is one of the most critical things that we do,” Brian Harrell, assistant secretary for infrastructure protection at the U.S. Department of Homeland Security (DHS), said on a panel Monday at the Edison Electric Institute’s (EEI) annual conference in Philadelphia. “If I know something … you should know as well, and I think we’re pretty passionate about that.”
DHS works with the U.S. Department of Energy (DOE) and the Electricity Subsector Coordinating Council (ESCC), which is the primary liaison between the electric power industry and the federal government, to share information through the Electricity Information Sharing and Analysis Center (E-ISAC). Harrell said that DHS and the industry need to focus on building and supporting the E-ISAC.
Hawaiian Electric Industries President and CEO Connie Lau, who moderated the panel, noted that the ESCC is working to put in place memorandums of understanding and other agreements to improve information sharing but that it’s still early in this process.
Two newer entities within DHS and DOE have aided in information sharing. The Cybersecurity and Infrastructure Security Agency (CISA), an agency overseen by DHS, was created in November 2018 with the signing of the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA serves as “the nation’s risk advisor.”
In February 2018, U.S. Energy Secretary Rick Perry established at DOE the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), which focuses on energy infrastructure security, including response to physical and cyberattacks, natural disasters, and man-made events.
Adrienne Lotto, acting principal deputy assistant secretary of CESER, discussed the agency’s Cybersecurity Risk Information Sharing Program (CRISP), a public-private data sharing and analysis platform that facilitates the sharing of threat information in the energy sector.
She noted that while CRISP has been successful, DOE is working to make information sharing through the program faster and to take a more holistic approach to information sharing across sectors.
“There’s a lot of great work that’s already happening between the federal government and our industry partners, but I think we’re hoping to get even better,” Lotto said.
Commissioner Bernard McNamee of the Federal Energy Regulatory Commission (FERC) emphasized the fact that information sharing needs to go both ways between government and industry.
“Every utility out there is now the eyes and ears as well,” McNamee said. “It’s not just the government pushing down saying ‘this is what we know.’ It’s you all looking at your systems and being able to identify issues … and sharing this information up.”
When Lau asked the panelists what they envision in five years in regards to industry and government working together on cyber threats, the panelists noted that continued collaboration, enhanced information sharing and constant vigilance of changing threats will be key.
Lotto said that she hopes that information sharing will continue to improve and that we will have “closed a lot of either the data gaps or the policy gaps or the legislation that’s needed to advance the energy security that we’re all hoping to achieve.”
