Bipartisan Policy Center launches initiative on protecting electric grid

Source: Annie Snider, E&E reporter • Posted: Monday, May 20, 2013

Three former top energy and security officials are taking a stab at the cybersecurity challenges facing the electric power sector.

The Bipartisan Policy Center this morning announced the launch of an Electric Grid Cyber Security Initiative that will develop recommendations about how the government and private companies can protect the grid from cyberattacks. The initiative will be co-chaired by retired Gen. Michael Hayden, former director of the Central Intelligence Agency and National Security Agency; Curt Hebert, a former chairman of the Federal Energy Regulatory Commission and former executive vice president of Entergy Corp.; and Susan Tierney, former assistant secretary for policy at the Department of Energy and a former Massachusetts public utility commissioner.

The energy and electric power sectors have emerged as prime targets for hackers, U.S. security officials are warning. Earlier this week the top U.S. general in charge of cybersecurity warned that the country is increasingly vulnerable and that an attack like the one that wiped the hard drives of about 30,000 computers at Saudi Arabia’s national oil company last year could occur “in the not-too-distant future” (Greenwire, Sept. 10, 2012).

But much of the country’s critical infrastructure is operated by private companies, and lawmakers have struggled to agree on an approach for boosting protections. A Senate bill last year failed amid fierce partisan battles over whether the federal government should set security standards. In its wake, the Obama administration released an executive order aimed at boosting information sharing about cyberthreats, but all sides agree that the order alone does not solve the problem.

The House last month passed the “Cyber Intelligence Sharing and Protection Act” (H.R. 624), which drew loud objections from privacy advocates and a veto threat from the Obama administration (E&ENews PM, April 18).

The BPC effort aims to bridge some of these divides. According to a news release, the initiative will look at how responsibilities for prevention and response should be allocated, how information sharing about cyberthreats should be handled, and how to protect the privacy of consumer data. The co-chairs will draw on an advisory group of industry experts, former government officials and cybersecurity specialists, the release said.

“The electric power sector has already made important progress in addressing cybersecurity. Given how important electric system reliability is to the nation’s economy, along with its interdependence with other sectors, such as telecommunications and natural gas pipelines, the electric system makes it an interesting case study for cyber security governance,” Tierney said in a statement. “There are important regulatory and other policy questions related to who invests in and pays for electric grid cybersecurity protections.”

The initiative will hold a public workshop over the summer and will release a white paper with recommendations for policymakers in the fall, BPC said.