Lawmakers concerned about aftermath of an electrical grid cyberattack
A House Transportation and Infrastructure subcommittee explored what plans are in place to recover from a large-scale attack on critical infrastructure.
Lawmakers want to know what contingency plans are in place in the event of a large-scale cyberattack on critical electrical grid infrastructure. At an April 14 House hearing on the subject, they were especially interested in how federal agencies would work with local and state officials in such an emergency.
"The federal government does not have this basic planning scenario for a cyber threat to the power system," Rep. Lou Barletta (R-Pa.) said at the hearing, which was held by the House Transportation and Infrastructure Committee's Subcommittee on Economic Development, Public Buildings and Emergency Management. "[T]here is a huge disparity in what different groups think is a potential scenario for which states and local governments should prepare."
Barletta, who chairs the subcommittee, and several other members pressed the witnesses on what the consequences would be if power was out for weeks or even months because of a cyberattack. Oregon Rep. Peter A. DeFazio, the panel's ranking Democrat, voiced concerned about the loss of transformers and what the federal government can do to prepare, since it can take months for a replacement transformer to be ordered, built, delivered and installed.
Federal Emergency Management Agency Administrator Craig Fugate told legislators that contingency plans to power a community for a few days are not sufficient, and that all planning should be measured in weeks. The reason, he said, is that cyberattacks are not like hurricanes or other natural disasters; it's very difficult to predict how long a power grid taken out by cyberattack will impact the population.
"With cyber it won't be defined by political or physical boundaries," he said.
And "generators are very expensive," Fugate noted -- and especially so if they must power a community for weeks on end. "And so in many cases, there are other options such as putting in transfer switches. The idea is, what are the things that are required to keep the community up and running until power can be restored."
Richard Campbell, a Congressional Research Service specialist in energy policy, agreed. "While the U.S. electric grid has operated historically with a high level of reliability," he told the lawmakers, "the various parts of the electric power system are all vulnerable to failure due to natural, operational, or manmade events."
Rep. Albio Sires, (D-N.J.), who represents a part of New Jersey that got hit by Hurricane Sandy, said, "If I learned anything about our infrastructure, it's how unprepared we were for the storm or anything else. And there's plenty of blame to go around."
"Each event is going to be different," Patricia A. Hoffman, the Department of Energy's assistant secretary for the Office of Electricity Delivery and Energy Reliability, at told the committee. "We have to take those events and learn from them." She assured the legislators that "information sharing occurs at multiple levels," including with utility company providers.
Energy Secretary Ernest Moniz, who was not among the witness at the April 14 hearing, has also said modernization of the electrical grid's cyber defenses is extremely important and commanded the largest increase in funding in his department's research and development budget.
"We need to do a much better job of integrating IT into the grid," Moniz told a House panel on March 1. The Energy Department is seeking an $83 million increase in research and development on grid modernization, for a total planned expenditure of $378 million.