Senators Want Dumber Tech For Energy Grid Cybersecurity

pan demin/Shutterstock.com

Featured eBooks
The IT Modernization Mission
Read Now

Ransomware Threat

Read Now

What's Next For Government Cloud

Read Now

Federal Agencies Exploring Computing at the Edge

Read Now
Aaron Boyd By Aaron Boyd,
Senior Editor, Nextgov

By Aaron Boyd

|

A bill to study retro approaches to preventing and mitigating the effects of cyberattacks is advancing in the Senate.

Legislation to dumb-down the nation’s electrical grid in the name of cybersecurity advanced out of a Senate committee on Thursday, bringing a retro approach to securing critical infrastructure one step closer to passage.

The Securing Energy Infrastructure Act, cosponsored by Sens. Angus King, I-Maine, and Jim Risch, R-Idaho, advanced out of the Senate Committee on Energy and Natural Resources on a voice vote. The central provision of the bill is a pilot program led by the director of the Office of Intelligence and Counterintelligence at the Energy Department, which is part of the broader intelligence community, to research ways to build redundancies and safety procedures into the power grid that do not rely on digital infrastructure.

The pilot—to begin within 180 days of the bill’s passage—would direct the national laboratories to partner with the private sector to identify potential means of digitally attacking the power grid and research ways of preventing such attacks and quickly remediating any effects.

Specifically, King and Risch want the labs to look for “retro,” or analog approaches that don’t rely on digital infrastructure or tools.

“There is a clear, demonstrable need to develop techniques and technologies to better secure our grid from cyber vulnerabilities,” Risch said after the bill passed committee. “As we reexamine our infrastructure security, this bipartisan approach would utilize the unique assets and expertise of our national laboratories to drive innovation.”

After the 2015 cyberattack on the energy infrastructure in Ukraine, grid operators were able to restore power relatively quickly using human-powered backups—analog systems, rather than digital. The senators said that incident inspired this legislation.

“I was glad to see the legislation advancing because for too long it seemed like the electric power grid has been put on the back burner in terms of solutions to try and combat state-sponsored threats and things of that nature,” said Chris Cummiskey, senior fellow at the George Washington University Center for Cyber and Homeland Security and former Homeland Security undersecretary and chief acquisition officer.

“It’s an interesting approach that people haven’t really thought of this much. You normally think of technology advancement constantly pushing the envelope and innovating. But to use an analog approach to this to ensure speed to recovery is a different way of doing it, which I don’t think folks have really thought of that much.”

Cummiskey said the energy sector was a particularly good place to try to this tactic, as much of that infrastructure is outdated and in need of modernization. But those efforts will take time, he added, and an analog tack could be a good way to bridge the gap.

James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology, was also pleased to see attention given to cybersecurity issues in the energy sector, though he doesn’t like the idea of looking backward for answers.

“Legislation that eschews modern systems in favor of antiquated technologies is a step in the wrong direction because it amounts to significantly crippling the U.S. energy sector instead of addressing the threats,” he said. “Regressive efforts are akin to buying a horse and buggy instead of changing a tire.”

Scott said “going retro” would mean replacing certain technologies currently being used in energy infrastructure with “less cost-effective, efficient and manageable” human-operated technologies.

“Rather than advocating for less technology, Congress should be sponsoring legislation that promotes information security and research into bleeding-edge solutions,” he said.

Cummiskey acknowledged that need, as well, but noted that analog options could be implemented sooner.

“From a decision-maker’s standpoint, when I was at Homeland Security, we would talk to the vendors all the time. We’d say, ‘We don’t care what you have to do to get this thing back up and running, just do it,’ ” he said. “It’s one of these things where, if you think that using older technologies—analog—in order to spin this thing back up is going to be more effective in the short run, then get it done and we’ll go back to the more advanced, digital approaches after you’ve resolved your issues.”

“Anything they can do to get back up as quickly as possible—I don’t think people are really going to care what the mechanism is, as long as it recovers swiftly,” he added.

The language of the bill is also included in the 2018 Intelligence Authorization Act, which is awaiting consideration by the Senate.

An identical version was introduced in the House last year and referred to the Science, Space and Technology Committee, which has yet to take up the bill.

NEXT STORY: Ransomware Attacks Decline But Number of Strains Doubled, Researchers Found

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.