A “dumb” grid is the smartest way to go to keep would-be hackers from bringing down power plants.
That’s the message that solar energy proponents are planning to convey to senators ahead of the Senate taking up a major cybersecurity bill, expected next week.
The bill, which would push cooperation between the government and the private sector on cybersecurity issues, is backed by the utility industry, but a host of amendments are being proposed that they want kept out of the measure. Meanwhile, renewable energy proponents don’t want anything added to the bill that could make the nation’s electric grid more vulnerable.
Related Story: http://www.washingtonexaminer.com/article/2574118/
Scott Sklar, a long-time renewable energy expert and head of the Global Solar Initiative, said he is using the bill to educate lawmakers on the very real threat of cyber attacks that are not always associated with keeping the lights on or with integrating more renewables.
Sklar’s main point is that making the grid “smarter” isn’t the best route when considering threats coming from the Internet.
It’s important when considering the thousands of solar energy panels being deployed across the nation, which, just like conventional power plants, have electronic control systems that are connected to the web, he said.
Grid control systems, known as SCADA systems, are tied to the web, and “in some cases you can interface with … power generation,” Sklar said. He said that tie to generation should be eliminated almost entirely.
“If you have a smarter grid, why don’t you not tie into a web-enabled system,” but instead use “a dumb dedicated” system, with limited connection to the Internet, he said.
The Obama administration has made the creation of a web-enabled power grid, known as the “smart grid,” a priority, and has doled out billions of dollars to get the ball rolling.
Although Sklar supports such initiatives, policymakers have to make some important distinctions between what they are making smart and what needs to stay dumb as a matter of making the grid safe, which dovetails with national security.
Large utility trade groups such as the Edison Electric Institute support the cyber bill, which seeks to address national security threats.
The bill, the Cybersecurity Information Sharing Act of 2015, does what the title suggests: it provides an open channel of communication between businesses and the federal government to coordinate private and public efforts to protect critical infrastructure, the banking and financial system and all other sectors.
The trade groups say a number of amendments that they oppose are set to be brought up when the bill hits the floor. The primary measure that utilities say is a nonstarter, floated by Democratic Sen. Patrick Leahy of Vermont, makes them susceptible to Freedom of Information Act requests.
The industry doesn’t want someone being able to see sensitive records through a FOIA request, which reporters, non-governmental organizations and others commonly use to get information from the government. That could jeopardize their businesses and make the grid more vulnerable, the industry says.
“Protection against public disclosure of cyber threat information shared with the federal government is an essential private-sector incentive in [the bill],” the Edison Electric Institute said in a joint statement with several other utility trade organizations. “Eliminating all specific references to FOIA protections from the bill would have a chilling effect on voluntary information sharing, undermining public-private security partnership efforts and thus potentially making critical infrastructure more vulnerable to cyber attacks.”
“Further, Leahy would remove any protection against disclosure under state, local, and tribal laws.”
Other sectors, represented by large technology companies Google, Yahoo, and Facebook, do not support the bill. They say it is too heavy handed in its support of defense mechanisms that would ultimately harm third parties, while making private data available to the government. That would not achieve the goal of preventing cyber attacks, the companies say.
Evan Greer, who runs the Fight for the Future campaign opposing the bill in line with the tech firms, said the bill could hurt power generators, too.
“If, for example, an energy company shares data about an attack with the government, which then shares it amongst various agencies who have a proven track record of poor security, it could actually make that energy company more vulnerable to an attack,” he said.
