A panel of Federal and non-profit witnesses said that expanding both partnerships with industry and information-sharing to further help secure the U.S. electric grid at a House Energy and Commerce Committee Subcommittee on Cyber Threats hearing today.
Karen Evans, assistant secretary of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the Energy Department (DoE), and Jim Robb, president and CEO of the North American Electric Reliability Corporation (NERC), told representatives that amid the progress DoE and electric utility companies have made in improving electric grid security, strengthening private-public partnerships is essential to maintaining momentum.
More specifically, Robb said that “mandatory enforceable reliability standards, information-sharing, and partnerships with our sector-specific agencies,” have been key to ensuring the U.S. electric grid, but that creating information-sharing methods that ensure real-time communication and constant situational awareness across the electricity industry and Federal organizations is key.
“[Federal agencies should] more rapidly declassify information to get it into actionable insights that we need to get out to industry,” Robb said.
J. Andrew Dodge, Sr., the Office of Electric Reliability director at the Federal Energy Regulatory Commission (FERC) – a component of DoE that oversees NERC – agreed with Robb. FERC approves Critical Infrastructure Protection (CIP) cyber and information security standards that NERC develops, and Robb added that sharpening information-sharing will help update CIP standards to more closely match the ever-evolving nature of cyber threats.
There are currently 12 mandatory CIP standards, but the witnesses cited NERC’s work to update them. Dodge said that NERC most recently added supply chain risk and improved cybersecurity incident reporting standards, and Robb added that NERC intends to develop requirements around cloud computing and electromagnetic pulse security later this year.
The representatives offered keen responses to aid the witnesses in keeping the electric grid secure. Rep. Jerry McNearney, D-Cali., emphasized his and Rep. Bob Latta’s, R-Ohio, introduction of H.R. 359, the Enhancing Grid Security Through Public-Private Partnerships Act, and H.R. 360, the Cyber Sense Act.
“H.R. 359, Enhancing Grid Security Through [Public-Private] Partnerships Act – would create a program to enhance the physical and cybersecurity of the electric utilities through assessing security vulnerabilities and increasing cybersecurity training and collect data,” McNearney said. “The Cyber Sense Act would create a program to identify cyber secure products for the bulk of our grid through testing and verification program.”
Committee Ranking Member Rep. Fred Upton, R-Mich., praised McNearney and Latta’s legislative efforts, but also emphasized that DoE has already “used its own authorities to implement enhanced leadership over cybersecurity and to improve inter-agency coordination.”