Cybersecurity
Idaho National Laboratory is an 890-square-mile complex located in the high desert of eastern Idaho.
Legislation would establish a two-year pilot program at the Energy Department’s national laboratories to identify new security vulnerabilities in parts of the grid whose compromise could threaten public safety or national security.
across ICS software, applications and system designs,” states the report, which includes recommendations on how to fortify U.S. critical infrastruc- ture against cyberattacks.
“Restoring these operational tech- nology systems after a cyberattack requires specialized, utility-specific training, which will limit mutual assis- tance operations unless such chal- lenges are resolved,” the report states.
The Electricity Subsector Coor- dinating Council, a forum for utility industry representatives to collabo- rate with government on grid secu- rity measures, is trying to address that challenge.
The council is creating a Cyber Mutual Assistance program that “will pool cyber experts to coordi- nate response to a significant cyber incident,” said Richard Ward, senior manager for national security policy at Edison Electric Institute, a util- ity association and a member of the council.
“In addition to cyber and IT experts, [the program] also will exam- ine deploying engineers and substa- tions technicians in the event we have a Ukraine-style cyberattack on the grid,” Ward added.
Who will pay for it?
The federal government has made siz- able investments in grid security, and utilities on the front lines are projected to spend billions on cyber defense.
The Obama administration’s fiscal 2017 budget request for DOE includes $378 million for research and devel- opment for grid modernization — an $83 million increase from the amount spent in fiscal 2016. The DOE request also calls for more than $333 million for cybersecurity — $9.5 million above the fiscal 2016 enacted amount.
By contrast, U.S. utilities are expect- ed to spend about $7 billion on cyberse- curity by 2020, according to the Bipar- tisan Policy Center.
Despite all the money being allocated to cybersecurity, analysts say it must be spent in a more targeted manner.
“We need objective criteria that state [public utility commissions] can use in order to determine whether proposed investment in cybersecurity and cyber resilience is prudent,” Stockton said. “And that is a challenge that remains to be met.”
Of course, no amount of spending guarantees security, and as utilities pour money into defense, U.S. officials warn of growing threats to the grid.
Adm. Michael Rogers, director of the National Security Agency and com- mander of U.S. Cyber Command, said in March that it is not a matter of if but when a nation-state or other group will conduct a destructive cyberattack on U.S. infrastructure. He cited the hack of the Ukrainian grid as an example.
Rogers’ warning echoed those from within the Defense Department. Just weeks earlier, two Navy admirals sent a letter to Defense Secretary Ash Carter asking him to pay greater attention to ICS cybersecurity.
ICS vulnerabilities “will have seri- ous consequences on our ability to execute assigned missions if [they are] not addressed,” wrote Adm. William Gortney and Adm. Harry Harris, who are the commanders of U.S. Northern Command and U.S. Pacific Command, respectively. Northern Command’s charge includes defending the U.S. in the event of a catastrophic cyberattack.
The hack of the Ukrainian grid will likely continue to drive the policy con- versation in Washington as lawmakers size up the historic cyberattack.
“This is a big wake-up call,” Stockton said. “We can anticipate the risk that adversaries will use more sophisticated weapons against the United States.” n
20 July 15, 2016 FCW.COM
INL.GOV