American Security Council Foundation

Any reduction in Energy Department's cybersecurity resources a mistake

Friday, May 7, 2021

Categories: ASCF News Cyber Security

In March, a bipartisan group of senators led by Jim Risch (R-Idaho) and Angus King (I-Maine) sent a letter to Energy Secretary Jennifer Granholm expressing support for the department’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Joined by the chair and ranking member of the Senate Committee on Energy and Natural Resources, the letter highlighted the vital role CESER plays “in protecting the nation’s critical energy infrastructure from cyber threats, physical attacks, and other disruptive events.” More than a month later, the Biden administration has still not nominated an assistant secretary to lead the office.

The letter reflects the senators’ concerns that the Biden administration is considering downgrading the CESER billet from the assistant secretary level to make space for new assistant secretary assignments for justice and jobs. Coming on the heels of a Government Accountability Office (GAO) report highlighting the Department of Energy’s (DOE) unfinished work to secure the nation’s electric grid and supply chains, Secretary Granholm would be making a mistake if she were to reduce the seniority of cybersecurity leadership at the department.

As the sector risk management agency for the energy sector, DOE has done important work to address vulnerabilities in electrical generation and transmission systems, but as the GAO report concluded, there is more work to be done. DOE’s cybersecurity plans “do not fully address risks to the grid’s distribution systems.” In response, DOE acknowledged GAO’s assessment, agreed with its recommendation, and then pointed to two ongoing CESER research projects aimed at improving the cybersecurity of these systems. This remaining work is critical for securing the part of the electric grid that delivers (distributes) electricity, once it has been produced in power plants (generation) and transmitted through high-voltage systems (transmission), over the last mile to our homes and businesses.

While there certainly is more to be done, the new energy secretary has actually taken leadership of the federal agency with one of the most effective cybersecurity programs. The March 2020 Cyberspace Solarium Commission report highlighted a number of DOE cybersecurity and private sector outreach programs that other agencies should consider replicating. The CESER office deserves much of the credit for this effort. This is a direct result of the office having the appropriate seniority (including a Senate-confirmed assistant secretary), resources, congressional support, and relationships with both the private sector and state and local governments. All of this is needed to address the ongoing cyber risks to our nation’s energy infrastructure and to develop policies and lead the emergency responses to security and natural disaster incidents.

For example, CESER coordinates the membership and growth of the Cybersecurity Risk Information Sharing Programs (CRISP), one of the only public-private data sharing and analysis platforms between the federal government and critical infrastructure owners. CRISP facilitates timely bi-directional sharing of unclassified and classified threat information among energy sector stakeholders. In fact, outside of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the agency broadly responsible for all federal cybersecurity efforts, no federal agency has matched CESER’s efficacy and outreach. Because of CESER, the Department of Energy has become the comparative gold standard of federal cybersecurity sector risk management agencies.

Additionally, CESER administers the Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program, one of the few testing programs for securing high-priority hardware and software components that make up the physical systems of critical infrastructure. CyTRICS testing then helps industry partners improve security, design, and manufacturing. Given that 25 percent of respondents to a North American Electric Reliability Corporation Level 2 alert indicated that they or their third-party service providers had downloaded compromised software associated with the SolarWinds compromise, now is not the time to stall efforts to improve resilience of an increasingly digital energy system.

While President Biden has pledged to prioritize cybersecurity, he has, so far, left the CESER assistant secretary position vacant. As the administration vets incoming officials, our adversaries are not sitting still. Threat actors — including nation states, criminal groups, hacktivists, and insiders — are capable of and willing to carry out cyberattacks that could place the electric grid at risk. There are several clear examples of electric grid hacks across the world. Late last year, the People’s Republic of China allegedly released a series of trojan horses on the Maharashtra electricity grid in India, taking out power for several hours. A little closer to home, the Reading Municipal Light Department (RMLD), an electric utility company based in Massachusetts, reported in February 2020 that it had been the victim of a ransomware attack. These threats are only going to continue to grow.

As the senators wrote, “[t]he reliability and resilience of the electric grid is critical to the economic and national security of the United States.”

Unless DOE continues to prioritize cybersecurity risks to our electric grid, the plans it has drawn up so far will be of little to no use. An assistant secretary-level leader with a properly resourced office has been, and will continue to be, key to this success. Hopefully, to paraphrase Mark Twain, rumors of a reduction in seniority of the CESER billet are greatly exaggerated. But if not, any such reduction would be a critical error at a critical time.

Photo: Getty Images

Link: https://thehill.com/opinion/cybersecurity/551653-any-reduction-in-dept-of-energys-cybersecurity-resources-a-mistake
