Energy Secretary Rick Perry’s cybersecurity office has convened the first meeting of a new “tri-sector” federal task force with industry to find gaps in defending the nation’s energy grid against cyberattacks, an official revealed Thursday.
“We just held our first meeting, altogether, last week,” said Karen Evans, the head of the Office of Cybersecurity, Energy Security, and Emergency Response, testifying Thursday before the House Energy and Commerce Committee.
Evans explained that the task force was recommended by a presidential advisory group to better coordinate the federal government’s response with industry when it came to defending the nation’s infrastructure from attack, she explained.
The tri-sector group brings together the Energy Department with the Departments of Transportation and Homeland Security, together with the utility, banking, and telecom sectors to better coordinate a federal response, she explained after being asked for an update on the task force by Rep. Bill Johnson, R-Ohio.
The utilities have been working with the Department of Energy through a special coordination group on grid security started under the Obama administration. But the banking and communications sectors have been a more recent addition.
The Grid-Ex exercises that the government does with industry every two years have begun coordinating more with other sectors outside of the utilities in the cyber attack drills in recent years. The financial sector is vulnerable to grid attack, which has the potential to upset the economy and send the markets into free fall, according to experts.
Evans told the committee that banking giant JPMorgan Chase is the lead representative for the financial sector on the tri-sector group.
The telecommunications and wireless sector is also vulnerable to cyber attack, and is represented on the tri-sector panel by telecom giant AT&T.
The task force is meant to come together with government to understand what is considered “critical” across all three sectors when it comes to infrastructure that is vulnerable to attack.
“We’re talking about the modeling of what it’s going to take for the North American grid, so that we can deal with these issues, and where are the interdependencies,” Evans said.
She said that the process could expose “gaps” in the federal response, which will trigger the departments to take appropriate steps to address those problems with Congress and others.
Evans also said that the agency is about to take the next step in a cybersecurity exercise with the states next month, which is expected to show where improvements can be made in the national response to a cyber attack.
The grid attack exercise, called Liberty Eclipse, was started in 2016 to create a better state and local response to a cyber incident.
“I find that the exercises are critical,” said Evans. “You don’t know what you don’t know until you exercise the plan.”
When an actual emergency is happening, “is not the time to exercise the plan,” she added.
Liberty Eclipse will help identify both gaps at the federal and state level, and with industry, in responding to an emergency, she said.
Improvements to the state and federal response will be tested out in the upcoming exercise slated for the end of October, she said.
