Senate Holds Hearing Exploring Means to Strengthening Cybersecurity in the Energy Sector

The Senate Committee on Energy and Natural Resources recently held a hearing “To Examine Efforts to Improve Cybersecurity for the Energy Sector.” The hearing served as a deep dive into federal and industry efforts to advance cybersecurity infrastructure within the energy sector. This includes looking for ways to improve expanding the networks of partners to work together on initiatives related to the protection of cybersecurity and other critical infrastructures. As Committee Chairwoman Lisa Murkowski noted in discussing the importance of the hearing, “A successful hack could shut down power, impacting hospitals, banks, gas pumps, military installations, and cell phone service. The consequences would be widespread and devastating, and only more so if we are in the midst of a global pandemic.”
 
The hearing heard testimony from witnesses representing both industry and the federal government, including:

• Mr. Alexander Gates, Senior Advisor, Office of Policy for Cybersecurity, Energy Security, & Emergency Response, U.S. Department of Energy (DOE)
• Mr. Joseph McClelland, Director, Office of Energy Infrastructure Security, Federal Energy Regulatory Commission (FERC)
• Mr. Steve Conner, President and CEO, Siemens Energy, Inc.
• Mr. Thomas F. O'Brien, Senior Vice President and Chief Information Officer, PJM Interconnection 

A key aspect of protecting cybersecurity in the energy sector revolves around the implementation of standards. As Mr. McClelland explained, the FERC has established Critical Infrastructure Protection (CIP) Reliability Standards. These standards are a living infrastructure that are updated on necessary on an ongoing basis, and serve to “establish a baseline to address such critical and fundamental matters as security management controls, protection of removable media, patch management, personnel training, and cyber incident reporting.” In a direct indication of the constantly evolving nature of these standards, McClelland also discussed the recent development of new CIP Reliability Standards specifically established to help monitor risk to supply chain cyber assets in the wake of disruptions due to Covid-19.
 
Industry is also concerned about the risk to supply chain cybersecurity. In his remarks, Mr. Conner noted that close collaboration through close collaboration with the federal government and standards developing bodies. Mr. Conner noted that Siemens has implemented standard language in their contracts that specifically address supply chain cybersecurity to ensure that all aspects of product design, manufacturing and delivery adhere to the relevant standards.
 
Along with the implementation of standards, the importance of public-private partnerships between government and non-government entities was a recurring theme throughout the hearing, with both the industry and federal entities referencing multiple different partnerships that they share. As Mr. O’Brien stated, “The importance of working across the industry, and with our state and federal government partners…to share threat information and best practices cannot be overstated. Threat intelligence and learning from others in relation to threats and prevention is critical to managing any cybersecurity program.”
 
This sentiment was repeated from the government perspective, with Mr. Gates also noting the importance of partnering with state governments to ensure this preparedness extends at all levels of government.
 
For further information you can view an archived webcast of the hearing.