Senate Energy Natural Resources Committee Examines Cyberattack Readiness of the US Bulk-Power System

Aug 18, 2020

Reading Time : 3 min

Committee Chair, Sen. Lisa Murkowski (R-AK), opened the hearing by noting the importance of cybersecurity and observing that cyberattacks on the power grid are “near-constant and only growing more sophisticated.” Nor are such attacks confined to the power grid; the Senator mentioned recent attacks on both the DOE’s Hanford Site and on a facility working on a COVID-19 vaccine. Ranking Member Sen. Joe Manchin (D-WV) observed in his opening remarks that the issue is particularly pressing, as the prevalence of remote work due to COVID-19 has increased the opportunities for cyberattacks in both the power industry and elsewhere.

Questions from the Committee to the witnesses reflected the multifaceted nature of cybersecurity and the wide range of interests involved, addressing, among other things, the need for penetration and “red-team” exercises to test cyber preparedness, the resiliency of utility communications infrastructure, the need to protect natural gas infrastructure as well as the electric grid, the benefits and drawbacks of distributed generation from a cybersecurity perspective, and the simultaneous need for both increased transparency and increased security when dealing with critical infrastructure. Sen. Murkowski also expressed particular concern for the “soft underbelly” of the grid, namely the smaller utilities, such as municipals and cooperatives, which may not have the resources to devote to cybersecurity.

The Committee also asked the witnesses about the implementation of Executive Order 13920. Mr. Gates noted that the DOE has been actively engaging with the industry, and has held more than 90 calls with asset owners and manufacturers. Mr. Gates touted CESER’s Cybersecurity Testing for Resilient Industrial Control Systems (CyTRICS) program as a key part of the implementation of the Executive Order. CyTRICS will be used to test components in electric grid control systems to identify supply chain and systemic risks. Mr. Gates also outlined the four “pillars” of the DOE’s implementation of the Executive Order:

  • Prohibiting particular foreign adversaries from supplying particular BPS electric equipment.
  • Establishing a list of pre-qualified vendors of BPS electric equipment.
  • Developing advisory recommendations for the identification, isolation, monitoring and replacement of at-risk equipment currently on the BPS.
  • Presiding over the new Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security.

Speaking for PJM, Mr. O’Brien noted that the biggest cybersecurity risk to the nation’s largest grid operator is its members. Although PJM itself has devoted considerable resources to cybersecurity, it cannot ensure the integrity of the data it receives from its membership, nor protect the communications infrastructure that provides that data. He observed that the North American Electric Reliability Corporation (NERC) Cybersecurity Supply Chain Risk Management standard, which PJM supports, is set to take effect in PJM and all other North American Independent System Operators and Regional Transmission Organizations (ISOs/RTOs) on October 1, 2020. He emphasized, however, the need for supply chain standards and practices to evolve constantly. With regard to the Executive Order, he urged caution, noting that although ISOs/RTOs own few electric assets, the Executive Order could have significant impacts on operations, markets and planning. PJM therefore agrees that a “surgical approach must be utilized.”

Mr. Conner of Siemens Energy responded to questions from Sen. Bill Cassidy (R-LA) about his company’s supply chain protection measures. Sen. Cassidy was particularly concerned with counterfeit goods and/or the possibility of tiny microchips being inserted in goods originating in or even passing through China. Mr. Conner responded that Siemens Energy’s U.S. operations use a preapproved vendor list and rigorous testing to counter such threats. Mr. Conner’s written testimony detailed the company’s supply chain security measures.

Mr. McClelland discussed FERC’s two-pronged approach to cybersecurity, with one side being NERC’s Critical Infrastructure Protection standards and the other being the creation of OEIS. Mr. McClelland also discussed the issue of critical infrastructure information with the Committee at some length. There appears to be momentum building to support more restricted access to Critical Energy Infrastructure Information, though there has never been a documented deliberate leak of such information under the current rules.

Share This Insight

Previous Entries

Speaking Energy

August 07, 2024

*Thank you to JaKell Larson, 2024 Akin Summer Associate, for her valuable collaboration on this article.

...

Read More

Speaking Energy

July 31, 2024

Interstate oil, liquid and refined products pipelines regulated by the Federal Energy Regulatory Commission (FERC) will soon be able to raise their transportation rates (provided they were set using FERC’s popular Index rate methodology) in the wake of a significant new decision by the District of Columbia Circuit (the D.C. Circuit) in Liquid Energy Pipeline Association v. FERC (LEPA).

...

Read More

Speaking Energy

July 29, 2024

On Wednesday, July 24, 2024, the U.S. House of Representative Committee on Energy and Commerce held a Subcommittee on Energy, Climate, and Grid Security hearing to review the Federal Energy Regulatory Commission (FERC or Commission) Fiscal Year 2025 Budget Request. Members of the Subcommittee had the opportunity to hear testimony from all five Commissioners, including FERC Chairman Willie Phillips and Commissioner Mark Christie, as well as the three recently confirmed commissioners, David Rosner, Lindsay See and Judy Chang. In addition to their prepared remarks, the five commissioners answered questions on FERC’s mandate to provide affordable and reliable electricity and natural gas services nationwide, while also ensuring it fulfills its primary mission of maintaining just and reasonable rates.

...

Read More

Speaking Energy

July 29, 2024

On July 9, 2024, the U.S. Court of the Appeals for the D.C. Circuit held that the Federal Energy Regulatory Commission (FERC or the Commission) erred in ordering refunds for certain bilateral spot market transactions in the Western Energy Coordinating Council (WECC) region that exceeded the $1,000/megawatt-hour (MWh) “soft” price cap for such sales.1 Finding FERC failed to conduct a “Mobile-Sierra public-interest analysis” before “altering” those contracts by ordering refunds, the court vacated FERC’s orders and remanded the case to FERC for further proceedings.2

...

Read More

Speaking Energy

July 8, 2024

On June 28, 2024, in Loper Bright Enterprises v. Raimondo, the U.S. Supreme Court overruled Chevron U.S.A. Inc. v. Natural Resources Defense Council, Inc., which for 40 years required court deference to reasonable agency interpretations of federal statutes in certain circumstances, even when the reviewing court would read the statute differently. The Court ended “Chevron deference” and held that courts “must exercise their independent judgment in deciding whether an agency has acted within its statutory authority.” In doing so, the Court upended a longstanding principle of administrative law that is likely to make agency decisions more susceptible to challenge in the courts.

...

Read More

Speaking Energy

July 3, 2024

We are pleased to share a recording of Akin and ICF’s recently presented “Powering Progress: Decoding FERC Order No. 1920” webinar, along with the program materials.

...

Read More

Speaking Energy

June 12, 2024

Join projects & energy transition partner Ben Reiter at Infocast's Transmission & Interconnection Summit, where he will moderate the “Dealing with the Impacts of Increased Interconnection Request Requirements and Costs” panel.

...

Read More

Speaking Energy

June 4, 2024

Join projects & energy transition partners Hayden Harms and Vanessa Wilson at Infocast's RNG & SAF Capital Markets Summit, where Hayden will moderate the "Investor Perspectives: Private Equity, Infrastructure Funds, & Strategies" panel, and Vanessa will moderate the "Opportunities in Other Biogas/Fuels Markets" panel.

...

Read More

© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.