Source: United States Senator for West Virginia Joe Manchin
March 23, 2023
Washington, DC – Today, the U.S. Senate Energy and Natural Resources Committee held a hearing to examine the steps needed to address the cybersecurity vulnerabilities to the United States’ energy infrastructure. During the hearing, Chairman Joe Manchin (D-WV) discussed how the nation’s aging grid, evolving energy system, and new energy sources coming online have created vulnerabilities in the United States’ energy infrastructure cybersecurity.
“Our energy system is rapidly evolving. Our aging grid is not designed to protect itself from modern cyberattacks and is transforming into a new network-connected environment. In addition to the electric grid, pipeline networks are becoming more dependent on internet-based control systems for their operations. As we improve our energy systems with remote and automated capabilities intended to make energy more reliable, this new connectivity raises the stakes for security intrusions,” said Chairman Manchin.
“We must also consider the new distributed energy resources connecting to our grid. Americans are purchasing rooftop solar panels and electric vehicles at a rapid rate. These resources provide benefits to consumers but present serious cybersecurity challenges to our grid. While experts are still determining the degree of risk, there is concern that these new resources can serve as additional “entry points” for cyber adversaries to target the grid and could have the possibility to cause major disruptions,” Chairman Manchin continued.
During the hearing, Chairman Manchin asked Mr. Puesh M. Kumar, Director of the Office of Cybersecurity, Energy Security, and Emergency Response Preparedness (CESER) at the U.S. Department of Energy (DOE), about current shortages of electric distribution transformers. Transformers are crucial for maintaining electric reliability, and the lead time on new distribution transformers has grown to as long as three years from eight to 12 weeks in previous years.
“What concrete actions is DOE taking to address the transformer shortage?” asked Chairman Manchin.
“Last year, we partnered with the electricity sector owners and operators to identify what was the cause of specific supply challenges that we were having across the country. There are two big items that we learned. One was labor. A lot of the transformer manufacturers didn’t have the labor to actually produce some of the transformers. The second thing was minerals. And then the third thing that was a contributing factor was, as we become more electrified as a community, it was putting demand on increasing more of the production,” replied Mr. Kumar.
“Let me ask you this. Basically, you all are seeing it firsthand of what happens if we don’t have the critical mineral supply or a reliable foreign supply chain. Then why don’t you push harder for us to get permitting done to where we can secure our own? If DOE would speak up it might help us,” said Chairman Manchin.
“Mr. Chairman, we couldn’t agree more that permitting is an issue that we do need to address,” replied Mr. Kumar.
Chairman Manchin also asked all three panelists about the cybersecurity threat environment.
“It is increasingly clear that state and non-state actors are targeting our energy infrastructure to disrupt our economy and for financial gain. If I was going to create a cyberattack, I would hit the most critical [energy infrastructure] to have the most impact and send the greatest message. Are we hardening those first? Have we picked our priorities? Do you all know of anything being done, or would you suggest something that should be done?” asked Chairman Manchin.
“When I think of what keeps me up at night in terms of the various cyber threats, there are three big buckets that I think about. One is, like you said, there’s increasing cyber threats. The intel community keeps telling us China, Russia, and with Colonial, it was a criminal actor that was able to disrupt. So, if a criminal actor is able to disrupt that, imagine the capabilities of a nation-state to conduct a similar incident. Number two, it’s digitalization. The reality is the grid and the energy sector, more broadly, is becoming more digitally connected, and that is good because it helps us become more reliable and more resilient as a country, and lets us connect different generation sources from across the country. But we also have an opportunity to build in security, and so that is another area as we become more digitally connected as a society, we need to be including cybersecurity. And then three, we need to look at our workforce. The reality is across the country, we have a shortage of about 700,000 cybersecurity professionals across critical infrastructure in the United States,” said Mr. Kumar.
Chairman Manchin continued, asking the panelists about the prioritization of critical energy infrastructure for cybersecurity strengthening.
“Let me ask this to all of you. Do you know of any group working to prioritize the most critical infrastructure we have in all segments of our society?” continued Chairman Manchin.
“We at the Department [of Energy], that’s one of our roles as a sector risk management agency, we have an electric sector risk register,”said Mr. Kumar.
“I would briefly state that I am very excited by the DOE’s work, but I don’t think we have those critical lists. I think there’s a lot of overlapping lists, and some of the most critical sites in the country are based on use cases. If you want to put troops in the South China Sea in a conflict, it’s not going to be the largest sites that are important, it might be a tiny substation supporting a port, and nowhere in the government am I aware that is identified,” replied Mr. Robert M. Lee, CEO and Co-Founder, Dragos, Inc.
“As a major asset owner, AEP is prioritizing all the critical assets. We have a tiering methodology and regular classified and unclassified level discussions [with government officials] on what we think is most critical and where we should focus,” said Mr. Stephen L. Swick, Chief Security Officer, American Electric Power.
The hearing featured witnesses from the U.S. Department of Energy, Dragos, Inc., and American Electric Power.
To watch the hearing in full, please go to energy.senate.gov