U.S. electric power utilities are facing, in some cases, a constant threat from cybersecurity breaches on critical infrastructure, according to a report by two Democratic lawmakers.
Representatives Henry Waxman (D-Calif.) and Ed Markey (D-Mass.) and issued their report May 21 during a House Energy and Commerce Committee meeting on cyber attacks and cybersecurity.
The report, titled “Electric Grid Vulnerability: Industry Responses Reveal Security Gaps,” surveyed about 160 utilities and recorded their experiences with maintaining reliable electric service in the face of cyber attacks.
A handful of surveyed utilities said they experienced attacks on a daily, frequent or constant basis. Cyber criminals or activist hackers are targeting the energy sector, and have been doing so for the past few years, according to the report.
The Obama administration has been warning about cyber attacks against the power grid for about a year now, and has directed the applicable federal agencies to draft of new cybersecurity standards.
The survey by Waxman and Markey has drawn the notice of several trade groups in the electric utility sector.
The American Public Power Association (APPA) said the report did not credit the energy sector with having done enough to protect infrastructure from attack.
"In fact, many of the questions asked of utilities for the report were so specific and confidential in nature that for security reasons, they could not be answered by our members for fear of potentially violating the very standards with which the government has mandated us to comply," according to a statement by the APPA. "Drawing such broad conclusions about the electric sector’s, and public power’s, level of security is therefore misleading."
The utility industry, according to the APPA, is held to a higher standard than many other industries already when it comes to cybersecurity.
"As Representatives Waxman and Markey admit in their report, the electric utility industry must comply with an extensive list of mandatory cybersecurity standards. It is important to note in fact, that the electric and nuclear industries are the only critical infrastructures that have such mandatory standards in place," according to the APPA. "As an industry, we continue to closely coordinate at high levels both amongst members of our industry and with the federal government on cyber and physical security. We will continue to utilize and strengthen those relationships as we respond to evolving threats."
The National Rural Electric Cooperative Association said Waxman and Markey's report was too alarmist in tone.
"Press statements such as the one issued this morning by Rep. Markey may generate headlines in an election year but do little to further the cause; in fact they serve to divide industry and government at a time when cooperation is in America’s best interest," according to a statement by NRECA. "In an environment where the risks change rapidly, better information sharing and continuously up-dated training will do far more to protect the nation’s electric system than partisan fear mongering for political advantage."