U.S: New Cybersecurity Organization to Defend Power Grid

U.S: New Cybersecurity Organization to Defend Power Grid

This post is also available in: heעברית (Hebrew)

13599010_m featureIn 2013, U.S. critical infrastructure companies reported about 260 cyberattacks on their facilities to the federal government. Of these attacks, 59 percent occurred in the energy sector.

According to HLS News Wire a new report, co-authored by former CIA and NSA director, Gen. (Ret.) Michael Hayden, proposes that energy companies should create an industry-led organization to deflect cyber threats to the electric grid. The organization would extend membership to power companies across North America, including large generators as well as local distribution utilities. Modeled after the nuclear industry’s Institute of Nuclear Power Operations, the proposed organization, to be called the Institute for Electric Grid Cybersecurity, would oversee all the energy industry players that could compromise the electric grid if they came under a cyberattack.

We believe such an organization could substantially advance cybersecurity risk-management practices across the industry,” the authors write. The report, released last week by the Bipartisan Policy Center, also evaluates current initiatives aimed at protecting the North American electric grid from cyberattacks.

Critical infrastructure companies are increasingly concerned about cyberattacks, but NextGov reports that the energy sector has already made important strides in protecting the electric grid because it is subject to mandatory cybersecurity standards enforced by the U.S. government. These standards mainly focus on high-voltage transmission facilities and large generators, and often excludes distribution vendors which deliver power to residents and businesses. Distribution level cyberattacks, however, could disrupt power lines that affect critical utilities like telecommunications, water systems, and oil pipelines.

iHLS – Israel Homeland Security

In some cases, cyberattacks on distribution system facilities could have consequences that extend beyond that system,” the report’s authors write. “Simultaneous attacks on multiple distribution utilities, or an attack on a single utility’s distribution operations in multiple locations, could have broader ramifications for the bulk power system.”

The 2003 Northeast blackout cost $6 billion in economic loss, and while that incident was blamed on a tree branch in Ohio, a cyberattack combined with a physical attack could lead to greater losses.

The proposed organization would not interfere with the industry standard-setting organization, the North American Electric Reliability Corporation (NERC), or the government agency that enforces industry standards, the Federal Energy Regulatory Commission (FERC). The authors of the report also assure that “at present, we do not believe that there is a sufficient case for expanding FERC’s jurisdiction to encompass cybersecurity at the level of the distribution system.”