The U.S. electricity grid is dangerously vulnerable to sabotage by hackers, spies and terrorists, despite a seven-year effort to protect it from cyberattacks, senators and officials said Tuesday.
With senators differing on the degree of regulation required, the warning comes as the deadline for them to act on a cybersecurity bill before the August recess draws near.
The system for setting and enforcing cybersecurity standards for the nation’s electricity grid is “cumbersome and overly complicated,” Sen. Jeff Bingaman, chairman of the Senate Energy and Natural Resources Committee, said as he opened a hearing on the issue.
Set up by the 2005 Energy Policy Act, the system is “not adequate” for protecting the huge and complex power network from an attack via the Internet, the New Mexico Democrat said.
“Seven years after we passed the law … we are still waiting for that process to produce the full set of adequately protective standards that we need,” Mr. Bingaman said.
The Energy Policy Act gave ultimate responsibility for cybersecurity standards for the power grid to the Federal Energy Regulatory Commission — a long-established federal regulator.
But in response to concerns from the power industry about the burden of new regulations, Congress also told the agency to work through a private industry partnership group, the North American Electricity Reliability Council.
The first set of standards the industry group proposed in 2006 were not approved by the regulator and had to be revised several times. The fourth version finally was approved in April, with the proviso that the private council get the industry to fix the remaining problems by March 2013.
Part of the reason it has taken so long, security specialists say, is that the federal commission does not have the authority to dictate standards to industry.
The commission’s “current authority is not adequate to address cyber or other national security threats to the reliability of our transmission and power system,” said Joseph McClelland, director of the regulatory commission’s Office of Electric Reliability.
Moreover, there is no system for overseeing industry compliance with the standards, Gregory C. Wilshusen, director of information and technology issues at the Government Accountability Office, noted in his testimony.
However, as Mr. Bingaman noted, the power industry is the only sector of the United States’ critical infrastructure to have mandatory cybersecurity standards at all. There are no similar federal requirements for water or transportation systems, for instance.
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.
By Andrew P. Napolitano
The president's men trash the Constitution to pursue antagonists
Independent voices from the TWT Communities
We welcome you to the intimate and personal thoughts on the news and events we, as editors, watch, read, and discuss with our writers every day.
A collection of reader guest articles, thoughts and opinions by Communities writers and breaking news and information.
News and opinion from a Millennial Urbanite with Southern sensibilities,
Benghazi: The anatomy of a scandal
Vietnam Memorial adds four names
Cinco de Mayo on the Mall
NRA kicks off annual convention