From: The Hill
By Zack Colman
With both Republicans and Democrats advocating for improved cybersecurity in their platforms, an Obama official on Wednesday called on Congress to approve new federal authority to manage cybersecurity on the electric grid.
The need for mitigating cybersecurity at the electric utility level is urgent, Federal Energy Regulatory Commission Chairman Jon Wellinghoff said Wednesday at a media event hosted by IHS’s The Energy Daily in Washington, D.C. Congress has so far failed to ensure regulators can respond to or alleviate “very concerning” threats, he said.
“Nobody has adequate authority with respect to both the electric and the gas infrastructure in this country regarding known vulnerabilities,” said Wellinghoff, who is a Democrat. “If I had a cyber threat that was revealed to me in a letter tomorrow, there is little I could do the next day to ensure that that threat was mitigated effectively by the utilities that were targeted.”
Wellinghoff has made such statements before. But with cybersecurity legislation stalled in Congress, Wellinghoff — whose chairmanship could be in jeopardy if GOP presidential candidate Mitt Romney wins the Nov. 6 election — will likely need to take that message beyond this session.
Though Democrats and the GOP both included cybersecurity in their convention platforms, they disagree on how to strengthen it.
Republicans want to ensure legal protections for private firms and industry organizations communicating vulnerabilities with the federal government.
Democrats say that enhanced information-sharing between the public and private sectors would not defend the nation against sophisticated cyber attacks. They want stronger protections for civil liberties and language for monitoring critical infrastructure networks like the electric grid.
Wellinghoff’s explanation of the current restraints on improving cybersecurity paid heed to the different Republican and Democratic approaches on the topic.
“No. 1, I don’t have an effective way to confidentially communicate [cyber threats] to the utilities,” Wellinghoff said. “And No. 2, I have no effective enforcement authority, and I’ve said this for six years now. And I’ve also said I don’t care who has the authority, but Congress should give someone the authority.”
But since a comprehensive Senate bill floundered before the summer recess, executive action might be the only hope for cybersecurity changes this session.
The White House has pushed for critical infrastructure provisions in cybersecurity, which the GOP opposes because it says they will lead to increased regulation. Still, the administration is weighing issuing an executive order to impose cybersecurity measures on such networks.
Leave a Reply