Utilities need to spend to beat cyberattacks, leaders say
WASHINGTON — To counter the growing threat of cyberattacks, power utilities must harness the same manpower, money and other resources that they throw at natural disasters, industry leaders said Tuesday.
“Computerized attacks from overseas could disrupt facilities that generate power and the electric grid that transmits it”, said utility executives at an event organized by the Bipartisan Policy Center. And, the executives predicted, it’s not a question of if, but when, a disabling attack will happen.
The questions then become “how do you respond?” and “how was your resilience?” in the face of that attack, Saunders added.
Chris Peters, vice president for critical infrastructure protection at Entergy, said the company has a five-year plan to bolster resources to counter cyberattacks.
“We have to treat the cyberthreat with the same respect that we give to forces of nature that impact our grid,” Peters said. “We have to put the same comprehensive approach and the same attention to cyberthreats as we do to the other threats that impact our system.”
A report released by Sen. Ed Markey, D-Mass., and Rep. Henry Waxman, D-Calif., earlier this year highlighted the threat; according to the lawmakers’ analysis, one power utility said it already fields 10,000 attempted attacks every month.
The electric grid’s vulnerability stems in part from its broad reach. An attack on one region or supplier can quickly ripple to others.
Overall, industry leaders said they need better information-sharing among the nation’s 3,300 utilities and with the federal government to help identify attacks and combat threats.
For instance, said Pepco’s director of information technology infrastructure, Doug Myers, the government could do a better job of giving power utilities “a dynamic feed of known bad IP addresses.”
Saunders stressed that information sharing should be a two-way street. While the focus often is on utilities needing information from the federal government, he said, “I’d like to raise my hand and tell the federal government that I think we have information that may be helpful to you.”
Utilities also insist they need liability protection for good-faith information sharing, but privacy activists have criticized the broad reach of the main legislation to insulate the industry, a bill passed by the House earlier this year. Gen. Michael Hayden, the former head of the CIA and the National Security Agency, said he did not expect congressional action on the issue.
Myers said it was appropriate to talk about the role of the federal government in recouping the costs of better cybersecurity, given the national interest in maintaining a robust grid and electric supply.
Separately, Hayden speculated that cyberattacks could be mounted in retaliation if the U.S. arrests Edward Snowden, the former intelligence analyst who leaked information about top-secret NSA surveillance programs.