With irrefutable proof in hand that hackers have penetrated the U.S. electricity supply system, and the tragic situation in Puerto Rico reminding us that life without electricity is harsh — not only no lights, but no banks, ATMs, internet or communications, limited food and water supplies, hospitals unable to provide services — it is welcome news that the Department of Energy has established a new office dedicated to cyber and energy security, and emergency response.
Now it needs to make it work, and the sooner the better.
Following the leadership of senators Lisa Murkowski, R-Alaska, and Maria Cantwell, D-Washington, in securing funding for the Office of Cybersecurity, Energy Security and Emergency Response, DOE should act swiftly to appoint and empower an assistant secretary with the knowledge and experience to identify and address near-term, high-probability threats to our electric grid — especially a large-scale cyber-attack — and to do so quickly and transparently.
DOE faces a huge challenge in wrapping its arms around the sprawling U.S. electric supply system and the thousands of companies, regulatory agencies and associations that own, operate, regulate and control what has been called the largest machine in the world — the approximately 5,800 power plants and more than 2.7 million miles of power lines that form the U.S. electric grid.
And driving major improvements to the grid may also require a willingness by DOE to upset the status quo. While the traditional electric utility industry is making efforts to strengthen the grid, it needs to do so more rapidly and transparently. Given the urgency of our situation — foreign hackers inside our power supply control centers, able to damage or shut down the grid — federal leadership and oversight is necessary and warranted.
Make no mistake — fixing our national grid vulnerabilities meets the modern-day definition of a “moonshot” — a huge challenge in need of highly innovative solutions, including breakthrough technology to make those solutions possible and keep our lights and communications on, our factories working, our grocery stores and hospitals open, and our security intact.
DOE must aggressively lead a national effort — a moonshot to tap quickly into and bring together the resources of Homeland Security, the Federal Energy Regulatory Commission, and the National Institute of Standards and Technology, among others, to focus on four national imperatives:
—Rapidly identifying exactly where critical grid improvements and upgrades are needed.
—Implementing a national plan to drive key short- and long-term grid improvements.
—Developing necessary regulatory reforms to ensure that our bulk power system can repel the imminent and emerging threats we face.
—Working with Congress to establish the public and private funding mechanisms, including the potential use of tax-exempt government bonds, to fund these critical improvements and protect our national security and welfare.
Every U.S. president since 1990 has acknowledged that the threats to our power system are real, and each requested comprehensive plans to address promptly the looming potential risks. Sadly, little progress has been achieved. And as the recent Russian hacking made clear, the threats are now far more sophisticated, and the potential consequences more significant than ever.
With the creation of the new cyber security office, the ball is now officially in DOE’s court, and the agency is empowered to act with the urgency the situation demands. DOE must seize the reins and act proactively in the national interest. The government institutions that Americans rely upon cannot be on the defensive, responding only after something has gone wrong.
As DOE Secretary Rick Perry put it when announcing the new DOE office, “I have no higher priority … (than) protecting our nation’s energy infrastructure from cyber threats, physical attack and natural disaster.”
We know that cyber-attacks on the electric grid are more likely today, and that they are the hardest to detect and prevent. To harden the grid in the short-term, DOE should immediately tap into the vast cyber-security expertise that is available in U.S. federal agencies and make that resource readily available to electric grid owners responsible for fending off cyber-attacks.
On a larger scale, using a combination of available advanced technology, emerging best practices for improving grid security, and the ability of the federal government to forge public-private partnerships with key segments of the business community, Perry must lead the moonshot effort to ensure that our level of energy infrastructure protection is as hard, robust and resilient as the escalating threats demand. It is incumbent upon DOE and Congress to set aside partisanship and protect America’s citizens and economy.
Put very simply, foreign hackers have penetrated our defenses and placed an offensive weapon in the heart of our most vital system — the electric grid — and we have no choice but to root them out and do everything we can to prevent re-entry. This is, in fact, a genuine national security issue and failure is not an option.