As the number of cyberattacks impacting critical infrastructure continues to grow, members of Congress and representatives from the Department of Energy (DoE), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Energy Regulatory Commission (FERC) agreed that more needs to be done to protect the electric grid from a potentially “devastating” cyberattack.
That was one of the top takeaways from a July 27 hearing of the House Committee on Oversight and Reform’s Subcommittee on National Security to examine cybersecurity of the electric grid and determine what actions are needed to further protect the grid.
“The electrical grid is the backbone of daily life in America,” Chairman Stephen Lynch, D-Mass., said during the hearing. “It provides energy to heat our homes, power our hospitals, and charge our smartphones. It is also a priority target for state and non-state cyber adversaries. A successful attack on the electric grid could have devastating consequences for U.S. national security and economic interests.”
Witnesses acknowledged the Biden Administration has taken steps to protect the United States’ cyber defenses and critical infrastructure, such as President Biden’s 100-day plan, led by the DoE and CISA, “to strengthen the security and resilience of the U.S. electrical grid,” Chairman Lynch said.
Even with the Biden Administration’s recent actions, Eric Goldstein, CISA’s executive assistant director for cybersecurity, noted the “possibility of a highly damaging cybersecurity intrusion, affecting a national critical function, such as the provision of power to the American people is certainly a possibility.”
Goldstein noted that there are still a number of cyberattacks that go unreported to the U.S. government, and emphasized the need for increased collaboration with the private and public sector when it comes to cybersecurity.
This lack of reporting “limits our ability to develop actionable information that could be used to protect other victims before similar events occur, and it limits our ability to understand the extent of national risk,” Goldstein said.
Goldstein also said his agency will soon be launching the newly renamed Joint Cyber Defense Collaborative, as established by last year’s National Defense Authorization Act (NDAA), to help the private and public sector work together to mitigate and understand cyber threats facing the United States.
“As a general point, efforts that we can take as a country to drive adoption of better security controls will lead to improvements to our national security, economic security, public health and safety. There are a number of roads that we can take to that outcome,” Goldstein said. He noted that “regulation and standards” and “broader cybersecurity grants” are good places to start.