Cybersecurity experts offered solutions to protect the U.S. electric grid, including moving the grid off of the public Internet, and using quantum encryption capabilities.
“The nation’s electrical grid is a vital resource upon which our economy and our citizens’ daily lives depend,” said Richard Raines, director of the Electrical and Electronics Systems Research Division at Oak Ridge National Laboratory, at a Senate hearing on Oct. 26. “It is also a system that is highly vulnerable to cyber intrusions as more and more utility controls and ‘smart’ technologies rely on public Internet connections. These advanced technologies give operators better control and make the grid more efficient and resilient. But they come at a price: the potential exposure of devices and systems to very savvy computer specialists whose intent may be nefarious.”
Sen. Lisa Murkowski, R-Alaska, said she considered the implications of taking the electrical grid off of the public Internet and using stronger encryption capabilities.
“What happens when electricity is out for an extended period of time?” Murkowski said. “We must look to ways to harden the grid from constant cyber intrusions.”
“The grid has never faced a threat of the type and severity as it is experiencing today,” said Duncan Earl, president and chief technology officer of Qubitekk. “Over 70,000 power substations throughout our country rely on smart devices to maintain the delicate balance between energy generation and energy demand. Effective coordination between these devices is possible only when they share data that is accurate and uncompromised.”
Earl said that the solution to this is quantum technology, which enables communications that cannot be intercepted or altered, because it would be immediately detected and thwarted. This solution is rooted in physics and uses hardware to create a trusted and secure channel. Quantum technology uses the laws of quantum physics to generate secret keys that cannot be cracked.
This would aid the National Labs at the Department of Energy to protect identities, use cryptographic ledger to ensure trusted data, use attributed isolated networks, use machine speed threat detection, and use automated response and remediation.
The Pacific Northwest National Laboratory and the North American Electric Reliability Corporation (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) have increased information sharing capabilities through the Cyber Risk Information Sharing Program (CRISP). These organizations provide cyber risk information for 75 percent of the electric grid.
“Fundamental science and technology offer important opportunities to complement cybersecurity situational awareness with improved defensive tools spanning the growing challenges at both the grid edge and core grid operations,” said Carl Imhoff, director of the Electricity Market Sector at the Pacific Northwest National Laboratory.
Sen. Maria Cantwell, D-Wash., said that the government must increase the Energy Department’s cybersecurity budget so that it can invest in protecting its infrastructure.
“Cybersecurity is the one issue that keeps me up at night worrying about how foreign entities and actors might attack us,” Cantwell said. “Our enemies could succeed in bringing widespread blackouts.”