Electric cooperatives and other key sectors on the frontlines of cyberattacks from Russia and other nation states will get a boost from the federal government as key agencies form a new National Risk Management Center under the Department of Homeland Security.
The center will serve as “the focal point for threat information facing telecommunications, financial services and electricity,” said Duane Highley, CEO of Arkansas Electric Cooperative Corp. & Arkansas Electric Cooperatives Inc.
“Our federal partners are making the first commitments to creating a true coordinated multisector response to the growing cyber threat, bringing together electric utilities, telecom, and the financial services sector through unprecedented cooperation.”
DHS, the FBI and the Energy, Defense and Treasury departments launched the center during the National Cybersecurity Summit in New York City on July 31. Highley, co-chair of the Electric Subsector Coordinating Council, participated in a CEO roundtable at the event. The ESCC is the principal liaison between the federal government and the electric utility sector leadership for coordinating preparation to national disasters or threats to critical infrastructure.
The federal agencies committed to “work together, along with CEOs from each sector, to share threat information and to coordinate response across sectors in the event of a physical or cyber event,” Highley said in an interview following the summit.
He said that the federal effort is a welcome development, but that electric cooperatives must continue to enhance their own resources and build a dedicated defense.
“Our partnership with these federal agencies is one way to leverage our resources, but we cannot rely on that alone,” Highley said. “Our members expect us to keep their power reliable and affordable. A cyberattack hurts both of those objectives.”
He noted the electric utility sector is held in high regard by the federal agencies for its cybersecurity practices, but he cautioned that now is not the time to ease up.
“We were told a number of times by both DHS and DOE leadership that the electric sector has been the model sector in terms of CEO engagement, public/private coordination and development of standards and best practices,” Highley said. “That said, there is still much more we can do.
“The enemy is continually testing our critical infrastructure and looking for any gap. They would delight in compromising even the smallest utility systems.”
Among other requests, the ESCC and industry leaders have asked the federal government for timelier processing of classified clearances for key personnel and more cost-effective cyber-solutions for small utilities such as municipals and co-ops, Highley said.
“We need insight from our federal partners on the classified threats they see developing, and we need to share information with them about the threats we are seeing to help us both connect the dots, anticipate and deflect the next wave of cyberattacks.”