Why the Energy Department needs a cyber program

Lawmakers got some reassurance that the Energy Department's new cyber unit was a good organizational move.

On Feb. 14, Energy Secretary Rick Perry announced a new cybersecurity office -- the Office of Cybersecurity, Energy Security, and Emergency Response. The department is seeking $96 million in funding for fiscal 2019 for coordinating preparation for physical and cyber threats critical infrastructure.

But some lawmakers at a March 1 hearing of the Senate Energy and Natural Resources Committee were skeptical that the new office dovetailed with governmentwide efforts to incorporate cybersecurity across all system operations.

Assistant Secretary Bruce Walker, head of DOE's Office of Electricity and Energy Reliability, said the proposed office is "distinct" because the program is meant to be "actionable, near-term and highly responsive," while the rest of the Energy Department's reliability efforts focus on longer-term strategies and research and development.

The Office of Electricity and Energy Reliability is also responsible for developing a North American energy systems model that can do enhanced and contingency analysis to remediate "when a significant infrastructure, whether it be gas or electric or petroleum, goes offline" and help inform infrastructure investments in operations and maintenance nationwide, Walker said.

The Energy Department was designated by Congress as the sector-specific agency for grid security under the Fixing America's Surface Transportation Act. "Just that strategy alone in identifying and working through the defense critical energy infrastructure is a significant undertaking both in breadth and depth," Walker said.

In her opening statement, Sen. Maria Cantwell (D-Wash.) committee ranking member, told Walker that she and her colleague Sen. Ron Wyden (D-Ore.) were still waiting for cybersecurity threat assessments about the vulnerability of the U.S. energy infrastructure. The two had asked President Donald Trump for an assessment in March 2017.

"We are just dead serious that this is a problem. And we are dead serious that we have to come up with a threat assessment," she said.

Sen. Lisa Murkowski (R-Alaska), the committee chair, said that solutions to cybersecurity threats and resiliency "may not require more regulation, but rather more common sense and cooperation."