Senators and other energy sector officials warned Wednesday that foreign adversaries are continuing to target the U.S. electric grid, noting that the COVID-19 pandemic has only underscored the dangers.
“The threat of cyberattacks by foreign adversaries and other sophisticated entities is real and it’s growing,” Senate Energy and Natural Resources Committee Chairman Lisa Murkowski (R-Alaska) said Wednesday during a committee hearing on cyber threats to the grid. “The COVID-19 pandemic has created a unique opportunity for cyber criminals to attack our networks, including critical energy infrastructure.”
Murkowski pointed to concerns over Russian targeting of the Ukrainian power grid in 2015, and to recently announced indictments by the Department of Justice against two Chinese hackers for targeting a wide range of groups including a Department of Energy site. ADVERTISEMENT
“We all know the stakes here,” Murkowski said. “A successful hack could shut down power, impacting hospitals, banks, gas pumps, military installations and cell phone service. The consequences would be widespread and devastating, and only more so if we are in the midst of a global pandemic.”
Sen. Joe Manchin (D-W.V.), the ranking member of the committee, warned during the same hearing that “threats to federal infrastructure are serious and increasing daily.”
“The COVID-19 crisis has made our nation and the world acutely aware of the consequences of being underprepared for a catastrophic event,” Manchin said. “The pandemic has forced the energy industry to adapt to new challenges and vulnerabilities with more employees working remotely.”
The senators’ concerns came on the heels of the National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issuing an alert in July warning that foreign hackers were zeroing in on critical infrastructure through targeting internet-connected operational technology (OT) assets.
“Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression,” the agencies wrote in the alert. ADVERTISEMENT
Even before thE alert, foreign cyber threats to the power grid were not new. Former Director of National Intelligence Daniel Coats warned in the 2019 Worldwide Threats Assessment that Russia, China and Iran all had the capabilities to launch cyberattacks that “cause localized, temporary disruptive effects on critical infrastructure.”
The Cyberspace Solarium Commission (CSC) – a congressionally-established group composed of federal officials, members of Congress and industry leaders – put out recommendations earlier this year for defending the U.S. in cyberspace and preventing a crippling nationwide cyberattack, such as one on the energy sector.
CSC Co-Chair Sen. Angus King (I-Maine) testified Wednesday that the pandemic had taught the nation that “the unthinkable can happen.”
“A significant cyberattack is not unthinkable, we know that it is being planned, and we know that it is happening today,” King said. “I spoke recently to a utility sector executive who told me his system is attacked 3 million times a day, now, today, so this is not an abstract issue, this is something that we have to address.”
Steven Connor, the president of Siemens Energy, Inc., which produces energy equipment that supports one third of the nation’s daily energy needs, confirmed the constant targeting, testifying to the committee on Wednesday that “we get attacked thousands of times per day.”ADVERTISEMENT
Siemens recently announced it was partnering with the New York Power Authority to establish a cybersecurity Center of Excellence that is meant to help defend against cyberattacks on critical infrastructure.
Officials agreed Wednesday that this type of public-private partnership was necessary to respond to the increasing attacks, particularly as foreign actors step up their efforts to target the energy sector.
Alexander Gates, senior advisor at the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), testified Wednesday that “still more action is needed” in this space.
“Cyber threats to the sector are real and outpacing our collective solutions,” he warned.