Protecting the national electricity grid from cyber attacks is a “critical national security issue” for the United States and the industry needs to do more to protect itself from threats posed by hackers and other cyber criminals.
That’s according to a new report by Washington DC think tank the Bipartisan Policy Center. Titled Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat, it recommends a number of initiatives it believes would help bolster the cyber security of the North American electricity grid.
It calls for the electric power industry to establish an organisation modelled on the nuclear power industry’s Institute of Nuclear Power Operations (INPO) to develop cyber security performance criteria and best practice for the entire industry.
The report suggests Congress should adopt regulation to encourage organisations in the power industry to become part of the new body.
Additionally, Bipartisan Policy Center also proposes that the federal government should provide “backstop” cyber security insurance to the private sector until their practices are more fully developed.
More collaboration about cyber security threats between electrical power suppliers, government and the education sector is also recommended, with educators called on the develop computer science curricula built around industrial control system cyber security.
“Timely information sharing is the primary way to identify, assess and respond to threats in real time.
The intelligence community needs to identify best practices for sharing classified information in a way that is actionable for industry,” said General Michael Hayden, former director of the Central Intelligence Agency and National Security Agency and author of the report.
Susan Tierney, former assistant secretary for policy at the Department of Energy, emphasised that government support is needed to improve cyber security regulations in the power industry.
“Utilities are expected to spend roughly $7bn on cyber security by 2020. That’s not chump change,” she said.
“A key question moving forward is how the cost of such investments will be distributed. Some government leadership is needed to help regulators better evaluate investments. We should also provide support for entities that own critical facilities but may lack resources to make investments,” Tierney added.
Here in the UK, a recent report claimed information freely available on the web could be leaving the UK’s critical national infrastructure vulnerable to cyber attacks. It suggested information on blogs, social networks and specialist papers could be used to mount cyber attacks on utilities.