The more government is able to share information with the private sector, security will be much stronger – especially at utilities.
That is why the head of the North American Electric Reliability Corp. (NERC) and electric utility officials would like the Department of Homeland Security (DHS) to issue more security clearances to executives so they can get a better understanding of the threat and then apply that knowledge to threats to the power grid, speakers said at the Edison Electric Institute’s (EEI) annual meeting.
While NERC President and Chief Executive Gerry Cauley has top secret clearance to view cyber threats and attempts to hack the power grid, he feels additional NERC staff and utility officials should be able to see similar information. Because different agencies are a part of the security clearance process, and “sometimes the government moves slow” on such matters, Cauley said NERC is working with the Department of Energy to speed up the process for top executives.
Legislation is pending in Congress that would have utilities improve information sharing and beef up their cyber security protections, but “we can’t solve a problem we don’t really know about,” said Joe Rigby, chairman, president and chief executive of Pepco Holdings.
Legislation that passed the House of Representatives, sponsored by Representative Mike Rogers, Republican from Michigan, is now pending in the Senate, where a similar version sponsored by Senator John McCain, Republican-Arizona, would enhance information sharing among industries and the government.
With smart grid technologies bringing more digital equipment to the grid and utility operations, utilities should hold vendors to rigorous security standards and ensure software does not provide an unintended connection for hackers to access critical infrastructure, said Ido Dubrawksy, leader of the security engineering team at Itron.
The complexity of the Internet allows connections to components and systems designed to be secure and removed from Internet access, and microchip manufacturers and others should be doing more vigorous testing for anything used by utilities, Dubrawsky said. “Utilities are making significant strides in this area, but the scope of the problem is bigger than we realize,” he said.