WASHINGTON –– The United States’ energy infrastructure has increasingly become a primary target for hostile cyber attacks, Assistant Secretary of Energy Karen Evans told lawmakers on Thursday.
“The frequency, scale and sophistication of cyber threats have increased,” she said at the Senate Energy and Natural Resources Committee hearing on cybersecurity efforts in the energy industry.
As a reason for urgent action, Republican and Democratic senators highlighted the actual cyberattacks that occurred since 2015, including a 2015 Russian hack that cut off power to nearly a quarter-million people in Ukraine and another in 2017 that disabled a Saudi petrochemical plant’s safety systems.
“We know we don’t want that to happen here,” said Chairwoman Lisa Murkowski, R-Alaska. “We cannot let it happen in the United States. The resulting loss of power would impact hospitals, banks, cell phone service, gas pumps, traffic lights — you name it.”
Sen. Angus King, I-Maine, pushed one witness on whether the government should implement mandatory standards to the energy industry. Energy agencies under the Trump administration have not set standards to the level Democrats have called for.
“There’s a weird calmness about this hearing. This is not calm! The Russians are already in the grid, are they not?” King asked James Robb, president of North American Electric Reliability Corporation, who eventually said he’d look into the standards. Robb would go no further nor acknowledge the widely reported story that Russian hackers have infiltrated the energy grid.
To limit vulnerabilities, David Edward Whitehead, CEO of Schweitzer Engineering Laboratories, said the government must communicate with industry quickly when it identifies these energy cyber threats.
““There’s a lot of reporting up that [we do] to various agencies, but what we don’t see is that there’s not a lot of reporting back down to us. There seems to be a one way communication,” he said, calling for a daily 8 a.m. conference call with government officials and industry leaders to discuss any potential cybersecurity threats that day. He said that this brief call would help keep industry more informed and prepared for essential cybersecurity measures.
Many Republicans, however, were hesitant to support mandating any standards in what they say is a “dynamic” industry. For Sen. Martha McSally, R-Ariz, though, the government should act now.
“If I close my eyes, this sounds like a hearing from 19 years ago,” she said. “What has changed in 19 years is that… the threat is real, and it is happening.”
Moving forward, King hopes to see the committee focus on deterrence of adversaries, who he says haven’t felt a price from these cyberattacks.
“Thus far there has not been a doctrine or a strategy of this country that deters these kinds of attacks as there is in other areas of our national security,” he said.