Security and Cyber Vulnerabilities of the Electric Grid
House Hearing: Implications of Cyber Vulnerabilities on the Resilience and Security of the Electric Grid. Before the Committee on Homeland Security, Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. (110th Congress) May 21, 2008.
A hearing was held on the cyber vulnerabilities to the resililency and security of the electric grid. Topics included the status of measures against the Aurora vulnerability and the legal authority of the Federal Energy Regulatory Commission (FERC), the validity of information reported by the North American Electric Reliability Corporation (NERC), and the implementation of security by the Tennessee Valley Authority (TVA).
James R. Langevin, chairman of the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology:
First, we will receive an update from the Federal Energy Regulatory Commission, FERC, and the North American Electric Reliability Corporation, NERC, about electric industry efforts to mitigate a cyber vulnerability known as Aurora. I think we could search far and wide and not find a more disorganized, ineffective response to an issue of national security of this import. Everything about the way this vulnerability was handled, from press leaks, to DHS’s failure to provide more technical details to support the results of its test, to NERC’s dismissive attitude to the industry’s halfhearted approach toward mitigation, leaves me with little confidence that we are ready or willing to deal with the cybersecurity threat.
As time passes, I grow particularly concerned by NERC, the self-regulating organization responsible for ensuring the reliability of the bulk power system. Not only do they propose cybersecurity standards that, according to the GAO and NIST, are inadequate for protecting critical national infrastructure, but throughout the committee’s investigation they continued to provide misleading statements about their oversight of industry efforts to mitigate the Aurora vulnerability.
If NERC doesn’t start getting serious about national security, it may be time to find a new electric reliability organization. NERC can begin demonstrating its commitment by incorporating more of the NIST security controls in the next iteration of its reliability standards.
Here is an amazing clip of Rep. Bill Pascrell (NJ):
NERC Press Release:
Click HERE for NERC Press Release on Aurora Vulnerability