Senate Cybersecurity Hearing: “The Russians are already in the grid!”

Cybersecurity hearing reveals that little has been done in past decade


Senate Cybersecurity Hearing

On February 14, 2019, the Senate Committee on Energy and Natural Resources held a hearing entitled “Hearing to Consider the Status and Outlook for Cybersecurity Efforts in the Energy Industry.”

Unfortunately, the testimony from the people who are supposed to be protecting the electric grid was not confidence-inspiring. It confirms what I have been reporting: the regulatory failure in our electric grid. I can boil it down very simply (Senator Martha McSally said something very similar to what I am about to say at 1 hour and 36 minutes).

Timeline of a Looming Cybersecurity Disaster

Here’s my point – a simple timeline with two dates:

Ten years ago, on April 8, 2009, the Wall Street Journal disclosed in an article entitled “Electricity Grid in U.S. Penetrated By Spies”:

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”

On January 10, 2019 – 10 years later – the Wall Street Journal published an article entitled “America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It.” The article reports:

A reconstruction of the hack reveals a glaring vulnerability at the heart of the country’s electric system. Rather than strike the utilities head on, the hackers went after the system’s unprotected underbelly—hundreds of contractors and subcontractors like All-Ways who had no reason to be on high alert against foreign agents. From these tiny footholds, the hackers worked their way up the supply chain. Some experts believe two dozen or more utilities ultimately were breached.

Have FERC and NERC Addressed Cybersecurity?

So in the last 10 years, have the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) – the purported “regulators” of the grid – made us safer? Is the regulatory scheme of the electric grid working? The answer is clearly no.

Although FERC Chairman Neil Chatterjee and NERC President and Chief Executive Officer James B. Robb try to woo us into a false sense of security with all their lip service on partnership and collaboration, the only people they have made safer are the Russian and Chinese hackers – who are still freely roaming through the electric grid after a decade.

So what exactly have you guys been doing?

A great example of this regulatory incompetence is Senator Angus King’s questioning of NERC boss James B. Robb starting at 1 hour and 30 minutes.

This exchange between Senator King and Mr. Robb is telling:

Sen. King: “Okay let me ask another question. Do any of our utilities have Kaspersky, Huawei, or ZTE equipment in their system?”

Mr. Robb: “We issued a NERC alert.”

Sen. King: “I didn’t ask you if you issued an alert. I’m asking you do any of our utilities have ZTE, Huawei, or Kaspersky equipment or software in their system?”

Mr. Robb: “Not to my knowledge.”

Sen. King: “Not to your knowledge. Have you surveyed any of the utilities to determine that?”

Mr. Robb: “Uhhh, I don’t believe we have.”

Sen. King: “I think that would be a good idea don’t you?”

Mr. Robb: “I’ll take that on.”

(NERC Chief James Robb looks like a deer in the headlights during this exchange.)

To me, Senator King nails it: “The Russians are already in the grid.”


Hearing: Senate Committee on Energy and Natural Resources

Hearing to Consider the Status and Outlook for Cybersecurity Efforts in the Energy Industry

Permalink: https://www.energy.senate.gov/public/index.cfm/2019/2/hearing-to-consider-the-status-and-outlook-for-cybersecurity-efforts-in-the-energy-industry

C-SPAN Audio of Hearing

Below is an audio version of the hearing from C-SPAN – it starts right away, so the times are different than the archived webcast.