Sunday, July 26, 2009

Securing the Modern Electric Grid from Physical and Cyber Attacks
- Homeland Security Committee Hearing 7/21/2009

The Homeland Security Committee hearing Securing the Modern Electric Grid from Physical and Cyber Attacks on 7/21/2009 provided solid industry perspective on improving cyber security. Additionally, serious committee attention now is also focusing on the growing threat of physical damage from EMP (Electromagnetic Pulse) threats. An EMP attack, using one or several high attitude nuclear detonations, risks taking out all digital and electrical infrastructure across wide swaths of North America. The EMP threat is not new; however, there is growing risk of a deliberate attack from either a rouge group or nation sponsored effort, e.g. Iran sea based delivery testing for such a device with high attitude explosion. Our vulnerability to this issue serves to increase risk. EMP is a national security issue long overdue for realistic mitigation - there is a need to get beyond just studying the issue. Congress sees the potential consequences from the EMP threat as unacceptable, the cost to substantially mitigate reasonable, and is challenging industry to get after EMP risk mitigation.
  • Mr. Fabro, from Lofty Perch, helped bolster the perspective that industry is substantially improving cyber security- good technical, constructive views, recommendations and responses to congressional Q&A.

  • NERC’s CSO Mr. Assante emphasizing progress since joining NERC in September of 2008- e.g. cyber event reporting, communicating more effectively with +1800 entities, improving analysis of threats and industry alerting. He also clearly stated the grid is not immune to cyber or physical threats. and more will be done with industry engaged, factoring NIST in further CIPs development. NERC also still views a need for more FERC authority to better address the risk of immediate, severe threats in a timely manner.

  • Some committee members remain very skeptical about industry treating cyber security seriously, emphasizing concerns about being lied to by industry, lack of progress. Now questions are also focusing on what industry is really doing about the EMP threat - whether from a premeditated attack or natural in origin, e.g. solar storms. Nothing?
    - Rep. Bill Pascrell, JR’s (from NJ) plainly spoken, eviscerating comments and questions provide an instructive example of some hardball congressional Q&A (jump to about 1:16:05 in recorded hearing)

  • NERC. working with DOE, formed up special invitation-only group July 2nd to further look at high impact, low probability, or better stated - low frequency, events (EMP, solar weather, terrorism, etc)

    - An avoidable catastrophe – Opinion Commentary. – Washington Times 7/20/2009
    - Report of the Commission to Assess the Threat to the United Status from Electromagnetic Pulse (EMP) Attack, April 2008 (208 pages) - Well organized update to the 2004 report, walks through key scenarios and consequences.