Senate Hearing Highlights Grid Defense
On March 1, CREDC Co-PI William H. Sanders was part of a hearing in front of the U.S. Senate that advocated for the Federal Energy Regulatory Commission to stop issuing new cybersecurity standards to allow the electric industry to develop innovative defenses to vulnerable industrial control systems. The hearing also encouraged the National Guard to be prepared to respond in case of a successful attack.
Sanders and other witnesses, including Robert M. Lee, CREDC advisory board member and CEO of Dragos, Inc., pointed out the differences between attacks on utilites' information technology systems and those on operational technology systems such as supervisory control and data acquisition (SCADA).
“Fortunately, the successful attacks to date have largely been concentrated on utility business systems, as opposed to monitoring and control systems, in part because the operational technology systems have fewer attack surfaces, fewer users with more limited privileges, greater use of encryption, and more use of analog technology,” said Sanders. “However, there is a substantial and growing risk of a successful breach of operational technology systems, and the potential impacts of such a breach could be significant.”
Sanders also stated that the Department of Homeland Security and researchers should focus their research and development projects on developing six capabilities: continuous data collection, fusion of sensor data, visualization, analytics, restoration, and post-event tools.