May 04, 2023
WASHINGTON, D.C. – U.S. Senator Angus King (I-Maine), Co-Chair of the Cyberspace Solarium Commission, today asked top energy officials if enough is being done to protect American utilities from hackers and other bad actors. In a hearing of the Senate Energy and Natural Resources (ENR) Committee, King pressed Willie Phillips, Chairman of the Federal Energy Regulatory Commission (FERC), and Allison Clements, the Commissioner of FERC, to ensure there are proper safeguards and prevention methods protecting the American electric grid from foreign interference.
King began his questioning by asking Chairman Phillips to grade our current cybersecurity standards.
“Are you satisfied with the cyber standards of the utilities? Are you satisfied that they're taking the requisite actions in order to protect? Because clearly in a conflict, I think GPS will be the first to go, and probably the electric system will be the second level of target. Are you satisfied of where the industry is?” Senator King asked.
“I give our grade on cybersecurity right now an “incomplete.” I think we still have work to do. Our cybersecurity standards, they are a flawed. They provide, I believe, some of the best practices. We have a two pronged approach, just to be clear. When it comes to cybersecurity. We have mandatory reliability standards, and we also work with states. We work with utilities. We have audits. We have tabletop exercises. It is, I believe, the number one priority for us to secure the cyber and physical security of our grid.” Chairman Phillips said.
King then asked Commissioner Clements if FERC “verifies” the current cybersecurity prevention standards in place.
King asked, “The thing that I didn't hear when you listed all those things, I'm all for standards, but President Reagan said “trust but verify,” and I want to know what's being done for verification. I remember having a hearing several years ago with NERC, and I said, do you [penetration] test or red team your utilities? And the answer was “no.” And I was shocked at that. Has that changed? Do you know? Are the utilities hiring hackers for hire to demonstrate whether or not they're secure? Because you can meet all the standards and there's nothing like a skull and crossbones coming up on the CEO's desktop to remind him or her that they're not actually secure. Ms. Clements, is there PEN testing going on and red teaming?”
“My understanding is yet, yes. There are various types of that happening, both via with commission staff support, with work staff support, as well as outside of that. I think I'm encouraged by the progress that government agencies have been making working together as well as working with private industry related to chasing after this evolving threat. I think our standards are good foundational safeguards,” Commissioner Clements responded.
As Co-Chair of the Cyberspace Solarium Commission (CSC), and a member of the Senate Armed Services, Energy, and Intelligence Committees, Senator King is recognized as one of Congress’ leading experts on cyberdefense – especially as the nation upgrades and updates its energy infrastructure. Since it officially launched in April 2019, dozens of CSC recommendations have been enacted into law, including the creation of a National Cyber Director.