The top Democrat on the Senate Energy and Natural Resources Committee is calling on two government agencies to review current policies that guide how America’s power grids and pipelines defend against cyberattacks.
The request comes in the form of two letters demanding a review of U.S. energy infrastructure by the Government Accountability Office and Transportation Security Administration from Maria Cantwell, D-Wash., the ranking member of the Senate Energy and Natural Resources Committee. The GAO is the investigative office of Congress, and the TSA has oversight over pipelines in addition to its core transportation responsibilities.
The requests come amid reports that Russian hackers have organized phishing email campaigns targeted at U.S. energy providers within the private sector, including at least one nuclear plant.
“There have been multiple attacks on all of our grids,” said Ret. Brig. Gen. Stephen Cheney, who leads the nonpartisan American Security Project, during a committee hearing Tuesday. “And if we just put our heads in the sand and don’t put the funding towards it or research that is needed to counter these, it is going to get worse, significantly worse.”
Cantwell introduced several bills in May related to the cybersecurity of America’s energy infrastructure, in addition to sending two letters in the last five months to President Trump imploring him to abandon his budget cuts to offices within Department of Energy responsible for enforcing cybersecurity policy.
The Trump administration has proposed a 42 percent budget cut to the Department of Energy’s Office of Electricity Delivery and Energy Reliability, which is responsible for securing the nation’s energy infrastructure from cybersecurity threats.
The letters, announced by Cantwell and co-signed by Rep. Frank Pallone Jr., D-N.J., requested an evaluation of U.S. cyber and physical security conditions for U.S. natural gas, oil, and other hazardous liquid pipelines and associated infrastructure. Pallone is ranking member of the House Energy and Commerce Committee.
“The goal is to raise the profile of this issue, meaning cybersecurity of energy networks, with the Trump administration, which so far has chosen to ignore our oversight letters and questions and also slash the funding of the very office that is responsible for protecting the grid from cyber attacks,” a spokesperson from Cantwell’s office told CyberScoop. “We’re very distressed by [the Trump administration’s] seemingly lackadaisical approach to this. I’m going to leave it to others to speculate why they may not be wanting to talk about Russian cyberattacks, but that’s what her job is on the committee.”
The identical questions posed to the two agencies in the letters largely pursued clarifications and specific data of the current cyber and physical security measures of critical energy infrastructure. Cantwell noted during Tuesday’s hearing that the second installment of the federal government’s Quadrennial Energy Review, conducted in January, raised questions about the cybersecurity of America’s pipelines, furthering the need for a comprehensive review of such infrastructure.
“The second installment [of the Quadrennial Energy Review] finds the electricity system is a critical and essential national asset, and it is a strategic imperative to protect and enhance the value of the system through modernization and transformation,” according to the Department of Energy’s website.
Cantwell outlined the impetus for the request clearly in the letter, noting the devastation that an attack on the U.S. energy grid could cause.
“These include both the increasing interdependence of U.S. electric and natural gas infrastructure, and the evolving nature of cyber threats from both criminal and foreign state actors,” Cantwell wrote in the letter, referencing trends underscoring the importance of such a review. “The potential risks are grave, given that an attack on natural gas pipelines could, potentially, cripple the electric grid, which is a significant economic and national security asset,” she later wrote.