Security Strategy, Plan, Budget

Trying to keep the lights on

Watching a turbine blow up in a laboratory setting or hearing about a hacker cutting the lights to a bunch of overseas residents, while attention grabbing, really doesn't mean much when it comes to securing our nation's critical infrastructure.

But this week - on the same day, no less - two major events occurred that could reshape public policy as it relates to safeguarding America's precious resources, such as the electric grid.

First, the Government Accountability Office, the investigative arm of Congress, issued a scathing report that severely questioned the adequacy of security at the Tennessee Valley Authority, the nation's biggest public power company.

Not long after, the House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology met with officials from the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corp.

Saving you the laborious chore of reading through hours of testimony, I'll summarize the meeting: The power grid is in trouble. Take Rep. James Langevin's, D-R.I., opening statement:
 I think we could search far and wide and not find a more disorganized, ineffective response to an issue of national security. As time passes, I grow particularly concerned by NERC, the self-regulating organization responsible for ensuring the reliability of the bulk power system...If NERC doesn't start getting serious about national security, it may be time to find a new electric reliability organization.

The problem, NERC says, comes down to authority. NERC can only issue voluntary guidance to power companies; acting on anything security-related is up to each individual utility. Meanwhile, cybersecurity regulations imposed by FERC, the federal agency charged with regulating electricity, do not take effect for two years.

Plenty of time for an attack.

What will come out of this? New legislation is the likeliest bet.

But as we know from other attempts at forming cybersecurity law - for instance, a federal data breach notification rule - getting anything approved is a time-consuming process.

But let's look on the bright side, so to speak. Congress, at least some members, sound upset. And the topic is on the agenda.

At least for now.

 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.