SEL Chief Operating Officer Dave Whitehead testified before the U.S. Senate Committee on Energy and Natural Resources on Thursday, February 14, 2019. The hearing, The Status and Outlook for Cybersecurity Efforts in the Energy Industry, explored current efforts to protect our energy infrastructure from cyber threats and attacks. Bringing the nation’s natural gas pipelines under the same level of regulatory security afforded the electric grid was an important part of the discussion. In addition to Whitehead, the hearing featured FERC Chairman Neil Chatterjee; DOE Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response Karen Evans; and representatives from NERC and the West Virginia National Guard.
Whitehead’s testimony highlighted three topics he believes are critical to the cybersecurity challenges we face in the energy industry, and our nation.
- The role of government—Teaching the Threat. “Clearly, our adversaries are becoming more sophisticated in the way they target our critical infrastructure. We are constantly having to evolve our thinking and innovate against these threats. At SEL, and other like companies, we have some of the best engineers in the world doing just that. What we do not possess is access to the vast and sophisticated intelligence and information gathering that exists in our country. The U.S. Government has the capabilities to identify, classify, and communicate these threats. Sharing information with asset owners and equipment manufactures through a just-in-time approach, is critical to keeping our systems and electrical infrastructure safe.”
- Balancing regulation and innovation. “Innovation and regulation do not have to be at odds with each other. Regulations, however, are often implemented as a reaction to an undesired event. Developing a regulation may be fine to address static situations, but cyber is a dynamically changing environment. As soon as a regulation is enacted to address a specific issue or event, bad actors are already looking for other avenues of exploitation. Regulations have the capacity to limit how an institution may go about solving a problem. For example, if a new and innovative solution does not conform to regulations but is the best way to address a security element at a company, the company may choose not to employ the solution, or worse, be fined for noncompliance if they chose to use that solution. Further, regulations will never be able to anticipate new and innovative solutions."
- The Industry’s active pursuit of solutions. "There is so much cutting-edge work being done in our industry to keep ahead of cyber threats. During the past 35 years since the development of our first product, SEL has continuously advanced our cyber security solutions. As systems became more integrated, we moved to a security-in-depth approach—building layers of security so that systems are not dependent on one security feature, but instead consist of many layers. And solutions range from simple to very sophisticated. I remind folks to never connect critical infrastructure to the internet; audit this—a simple solution. Software-Defined Networking is emerging as the solution for engineered and cyber-secured industrial networking."
Click these links to read the full transcript of the hearing or to watch the video:
If you have questions, please contact SEL Communications Manager Kate Wilhite.