Atlantic Council Offers New Approach to Cybersecurity

WASHINGTON — The Atlantic Council outlined Tuesday how the U.S. government and businesses can work together to protect the nation’s power grid from cyberattacks.
The United States’ power grid is increasingly reliant on digital technology and the internet. This is especially true as the country moves towards clean energy, such as solar and wind, where there are more sources plugged into the grid powering homes and businesses.
With every power source and device to control that, there’s increasing vulnerability to cyberattacks.
That’s why the Atlantic Council released a report Tuesday detailing how the government can better work with utility companies to defend against this modern threat.
The main problem: “The public and private sectors lack a unified strategic framework to secure energy infrastructure against cyberthreats,” according to the report.
“Ambiguities and gaps in jurisdiction lead to weaker cybersecurity practices, wasted effort by government, confusion for the private sector, and missed opportunities for timely information sharing that would strengthen security,” the report stated.
That was seen last year when the Colonial Pipeline that brings gasoline up the East Coast was halted by Russian ransomware hackers.
The attack wasn’t reported as quickly to the federal government for help because it was against a gasoline company, not an electric company, which is regulated by a different federal agency, said retired Gen. Wesley Clark, one of the co-chairman of the group that created this report.
Aligning general cybersecurity reporting practices for utilities will help create a stronger defense at home, Clark said at the council’s event introducing the report.
The Cybersecurity and Infrastructure Security Agency oversees the response to many of these attacks, and other regulatory agencies don’t often have that cyber expertise.
Many cyber issues arise because it’s like “kids playing soccer where they don’t play the [right] position,” Michael Chertoff, the former secretary of Homeland Security who also co-chaired the group that created the report, said Tuesday at the event.
The report calls for “clarifying CISA’s role as leader of the national unity of effort for critical infrastructure protection.”
In defining that role there needs to be clear coordination between agencies in a cyber defense strategy, the report said. That includes routine tests of systems and ensuring these programs are properly funded, according to the report.
“When you are playing a big game like the World Series you don’t want to meet your teammates day one,” Chertoff said, explaining the coordination would allow the government to stop fighting each cyberattack as a one-off instance.
CISA’s Shields Up program, which was started because of Russia’s war in Ukraine, is a great example of the leadership the agency should be taking, Clark said. The program also shares information about how to thwart a potential cyberattack.
Information sharing is likely the government’s most important role, Chertoff said.
And while cybersecurity is likely top of mind for many business and government officials because of the Russian war in Ukraine, it’s also important to go ahead with the clean energy transition, the report contends.
That’s because these clean energy technologies are reliant on digital access, the report lays out.
“The energy industry would benefit from greater clarity on the thresholds that should prompt government involvement in cyber incident response,” the report said.
Madeline can be reached at [email protected] and @MadelineHughes