By Juliana Gruenwald
September 11, 2008
A House Energy and Commerce subcommittee is aiming to take up
legislation next week that would provide the Federal Energy Regulatory
Commission with additional authority to help protect the nation's power
grid from a cyberattack.
During a hearing before the Energy and Commerce Energy and Air Quality
Subcommittee, several witnesses and lawmakers argued that the threat to
the nation's power grid from cyberattacks is real and urged lawmakers to
enact legislation to give FERC additional powers to order utilities to
take the necessary steps to address the problem.
"The Department of Energy regularly discovers new vulnerabilities in the
control systems employed by many utilities," said Kevin Kolevar, the
department's assistant secretary for electricity delivery and energy
reliability. "This is not hyperbole ... cyberattacks against control
systems have occurred and they are becoming increasingly sophisticated."
FERC argues that current law is inadequate to allow the agency to take
action to protect against cybersecurity attacks in a timely and
confidential manner. And while the North American Electric Reliability
Corp., the industry self-regulatory group overseen by FERC, issued an
advisory in 2007 to 1,800 power operators and owners outlining immediate
and longer term steps they should take to address cybersecurity
vulnerabilities, compliance with the advisory was voluntary. A recent
FERC audit of 30 utilities found that most were not in compliance with
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!