Government

Report: Electrical grid cybersecurity efforts across U.S. government are ‘fragmented’

Over the last four years, the Department of Energy, the Department of Homeland Security and the Federal Energy Regulatory Commission have worked together to implement 27 different electrical grid resiliency programs, which are each designed to address a variety of security concerns.

By Chris Bing

February 27, 2017

A spokesperson for National Grid ESO — Britain’s national electricity system operator — said the organization was investigating the incident. (Getty Images)

Though federal efforts remain “fragmented,” the U.S. government has made significant progress in developing policies, programs and technologies that help protect America’s electrical grid, according to a Government Accountability Office report released Friday.

Since 2013, the Department of Energy, the Department of Homeland Security and the Federal Energy Regulatory Commission have worked together to implement 27 electrical grid resiliency programs, which are designed to address a variety of security concerns.

Broadly, the report finds that the level of coordination between these three agencies has also increased in recent years, allowing for better communication with state and private partners in addition to a more effective management of resources.

Most of the electricity grid is owned and operated by private industry.

While some of these individual, agency-specific resiliency programs naturally overlap one another, GAO found no instances of duplication; meaning that tax dollars are not being used to solve the same problems in multiple cases.

“GAO found that the 27 efforts were fragmented in that they were implemented by three agencies and addressed the same broad area of national need: enhancing the resilience of the electricity grid. However, DOE, DHS, and FERC generally tailored their efforts to contribute to their specific missions,” the report reads.

Of the 27 aforementioned programs, 15 were solely focused on strengthening cybersecurity measures. Examples of these efforts include the Energy Department’s Cybersecurity for Energy Delivery Systems Program, which aims to secure energy delivery functions across both legacy and new systems, and the Homeland Security Department’s Resilient Electric Grid Program, which promotes the use of sophisticated technology to improve both reliability and resilience.

This multitude of resiliency programs have offered new ways for the U.S. government to advance relevant emergency response, planning, research, technology development, standard setting and information sharing missions.

“In light of increasing threats to the nation’s electricity grid, national policies have stressed the importance of enhancing the grid’s resilience—its ability to adapt to changing conditions; withstand potentially disruptive events, such as the loss of power lines; and, if disrupted, to rapidly recover,” GAO wrote.

Just three months ago, Ukrainian energy company Ukrenergo experienced a cyberattack that caused widespread blackouts throughout neighborhoods just north of Kiev. Attribution in that case has yet to be made public.

Investigators told Reuters that the attackers were lurking on Ukrenergo’s IT network for at least six months, where they were working to acquire system administrator privileges to control other aspects of the company’s digital infrastructure.

A separate DOE report in January warned that U.S. energy grids are in ”imminent danger” of attack. A power outage caused by a successful future cyberattack could undermine “critical defense infrastructure,” damage the economy and place at risk the safety of U.S. citizens, the agency’s Quadrennial Energy Review noted.