Senators spar with power industry: Is it safe from cyberattack?
A Senate hearing on protecting the power grid and other crucial infrastructure from cyberattack pivots on the question: Should federal cybersecurity standards be voluntary?
A hearing on Capitol Hill Tuesday highlighted the split among lawmakers that has cast into doubt the prospects for cybersecurity legislation that experts say is urgently needed to protect America's vital infrastructure.Skip to next paragraph
Subscribe Today to the Monitor
At the Senate hearing, industry and government officials recounted steps taken so far to protect the power grid from cyberattacks, such as establishing the definition of what constitutes a "critical cyber asset" and the revision of preliminary cybersecurity standards currently in place.
But critics said the moves are insufficient and implored senators to take more forceful steps to secure the nation's infrastructure against the rising threat of cyberattack.
The electric grid’s "reliance on IT systems and networks exposes it to potential and known cybersecurity vulnerabilities, which could be exploited by attackers," Gregory Wilshusen, director of information security issues for the Government Accountability Office (GAO) said in his prepared remarks. Yet because most steps have been purely voluntary, he added, there is "a lack of a coordinated approach to monitor whether industry follows voluntary standards."
The difference of opinion over whether federal cybersecurity standards should be voluntary or mandatory for private companies is at the heart of two different bills pending in the Senate.
One, sponsored by Sen. John McCain (R) of Arizona, focuses on information sharing and voluntary measures. The other, sponsored by Sen. Joe Lieberman (I) of Connecticut and Susan Collins (R) of Maine and backed by the White House, includes federal mandates that utilities must obey and gives government new authority to protect the power grid.
Senate majority leader Harry Reid (D) of Nevada has said he would like to bring a cybersecurity bill to a vote before the August recess. A House bill passed this spring focuses on information sharing but includes no requirements for protecting critical cyberassets.
Some experts took a dim view of the congressional proceedings Tuesday.
"The big industry strategy is to block Lieberman-Collins because they fear regulation," says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. "Today's hearings are mainly political theater so the industry guys can come in and say everything is fine – go back to sleep."
Behind closed doors, national security hawks appear to be ramping up pressure on Congress to push through tough cyber legislation.