Safeguarding electric infrastructure takes center stage at DOE’s inaugural SEAB meeting


The Department of Energy (DOE) held its inaugural Secretary of Energy Advisory Board (SEAB) meeting under new secretary Jennifer M. Granholm, at which cybersecurity experts presented a grim picture of the cybersecurity threats that lurk in the nation’s electric infrastructure.

The SEAB provides advice and recommendations to the Secretary of Energy on the Administration’s energy policies, the Department’s basic and applied research and development activities, economic and national security policy, and on any other activities and operations of the Department of Energy, as the Secretary may direct. The duties of the Board are solely advisory.

The SEAB is currently made up of a diverse group of experts from outside the DOE, including former DOE officials, pioneering thought leaders, and nuclear experts. The SEAB members represent academic institutions, labor unions, utility companies, energy equipment manufacturers, low-income consumers, and non-governmental organizations. Their terms expire in August 2023.

Neither IT nor OT networks can be fully protected from cyberattacks, Joseph Weiss PE, managing partner at Applied Control Solutions, told the advisory board. “Consequently, a paradigm change is needed to protect crucial infrastructures. My suggested approach is essentially ‘back-to-the-future’ by monitoring the electrical characteristics of the process sensors out-of-band (not connected to any Internet networks) in real-time. Engineers have used this approach for monitoring equipment health (process anomaly detection) for many years. Until recently, the approach was not applied to cyber security as the requisite machine learning wasn’t available.”

Out-of-band process sensor monitoring isolates the process sensor measurements from network malware, whether it comes from the IT or OT networks, according to Weiss.

“This approach can help justify continued facility operation during ransomware attacks as the malware cannot reach the process sensor monitoring. Meanwhile, the process sensor monitoring continues to provide a real-time status of the operations. Additionally, process sensor monitoring provides a predictive maintenance capability that improves productivity and safety. Others have recognized the value of this approach,” he added.

Michael Mabee, a private citizen who conducts public interest research on the security of the electric grid, pointed out in his statement to the SEAB that there has been talk for over four decades about securing critical electric infrastructure from the very threats currently faced.

“After decades of self‐regulation and pleading for voluntary actions, the U.S. is still vulnerable to all of these threats and now is imminently threatened by both adversaries and nature,” Mabee said. “To protect our national security from these imminent threats, the U.S. must immediately make protection of the critical electric infrastructure against these known threats mandatory.”

Mabee also recommended that protection of the entire electric grid against known threats be made mandatory through a Presidential Executive Order and a Department of Energy Emergency Order. He also called upon Congress to enact legislation mandating that reasonably prudent actions on cybersecurity, physical security, EMP/GMD protective measures, and hardening for severe weather events be taken by all entities, public or private sector, that are part of the critical electric infrastructure. These measures must be certified periodically by the Chief Executive Officer of each such critical electric infrastructure entity.

“The security of the electric grid against known threats is a true national emergency. The threats are here. They are real and we are out of time,” Mabee added.

The Secure the Grid Coalition, a group of policy, energy, and national security experts, legislators, and industry insiders dedicated to strengthening the resilience of America’s electrical grid, said in its statement to the SEAB, “Our Coalition respectfully recommends that whistleblower protections be broadened to include all employees, contractors, and subcontractors of the Electric Energy Complex, owned and/or controlled in both public and private sectors. This can save many lives and bring energy sector employees/contractors in line with protections afforded other American workers.”

“Because of the horrific consequences attendant in faulty operation or unheeded proper practices in the nuclear energy segment, nuclear energy workers have protections that have not been afforded to others in the Energy Complex writ large,” the Secure the Grid Coalition pointed out. “However, this ignores the universally known fact that safe operation of nuclear power plants depends upon offsite power delivery for safety systems that support the reactors and cool spent fuel cooling. Grid operators involved in providing offsite power delivery to nuclear plants do not have whistleblower protections.”

The Secure the Grid Coalition asked that the class of workers afforded whistleblower protections be broadened to include all workers in the energy complex. “When we think about securing our electric grid, sunlight and transparency certainly bring accountability, but they also bring attention to potential risks to our public safety, and to our national security,” it added.

Last month, the DOE and the National Renewable Energy Lab (NREL) launched the Clean Energy Cybersecurity Accelerator, a technology partnership of federal experts, industry partners in the energy sector, and innovators to accelerate the development of new cybersecurity solutions for the nation’s evolving grid. The program will support efforts to modernize the grid, address cybersecurity vulnerabilities, and create a grid that will withstand the transition to a clean energy economy in the effort to reach net-zero emissions by 2050.
