New Federal Energy Regulatory Commission Office Will Focus on Cyber Security

Office of Energy Infrastructure Security Will Address Cyber Attack Risks and Physical Threats Such as Electromagnetic Pulses

The Federal Energy Regulatory Commission (FERC), the agency responsible for overseeing the interstate transmission of oil, natural gas, and electricity, as well as regulating natural gas and hydropower projects, on Thursday announced new initiatives to step up its cyber security efforts.

As part of its new security efforts, FERC Chairman Jon Wellinghoff said a new office is being created that will help the Commission address potential cyber and physical security risks to energy facilities under its jurisdiction.

The new “Office of Energy Infrastructure Security” (OEIS) will be headed by Joseph McClelland, who has been Director of the Office of Electric Reliability since its formation in 2006.

According to FERC, OEIS will provide leadership, expertise and assistance to the Commission to identify, communicate and seek comprehensive solutions to potential risks to FERC-jurisdictional facilities from cyber attacks and certain physical threats such as electromagnetic pulses.

Overall, Wellinghoff said the Office of Energy Infrastructure Security would focus on:

• Developing recommendations for identifying, communicating and mitigating potential cyber and physical security threats and vulnerabilities to FERC-jurisdictional energy facilities using the Commission’s existing statutory authority;

• Providing assistance, expertise and advice to other federal and state agencies, jurisdictional utilities and Congress in identifying, communicating and mitigating potential cyber and physical threats and vulnerabilities to FERC-jurisdictional energy facilities;

• Participating in interagency and intelligence-related coordination and collaboration efforts with appropriate federal and state agencies and industry representatives on cyber and physical security matters related to FERC-jurisdictional energy facilities including, but not limited to, participating in conferences, workshops and classified briefings; and

• Conducting outreach with private sector owners, users and operators of energy delivery systems regarding identification, communication and mitigation of cyber and physical threats to FERC-jurisdictional energy facilities.

“Creating this office allows FERC to leverage its existing resources with those of other government agencies and private industry in a coordinated, focused manner,” Wellinghoff said. “Effective mitigation of cyber and other physical attacks requires rapid interactions among regulators, industry and federal and state agencies.”

“There is a reason why the energy sector is on the nation’s Critical Infrastructure list, it is a critical target for any organization seeking to disrupt the US way of life and the network that powers our nation,” commented Lila Kee, Chief Product Officer at GlobalSign and Executive Committee member for the North American Energy Standards Board (NAESB) Wholesale Electric Quadrant.

“These days, there simply is no such thing as ‘not enough’ security when it comes to protecting grid reliability and the creation of this office is another example of how FERC continues to monitor the issue and strengthen cyber defenses for the sector,” Kee added.

According to Kee, we can’t rely on government alone to step up security in the critical infrastructure space.

“Private industry needs to step up and do its part as well, as security vendors we should be driving the creation and adoption of standards that support national defense efforts, investing in R&D that will provide greater protection and making product improvement decisions that respond to threats,” Kee said. 

Related Reading: Smart Grids Need to be Rebuilt With Security 

Kee also suggests that the energy sector has intricacies and nuances that need to be understood.

“There are systems and applications used by energy providers to perform transactions such as trading that although vital and accessible on the Internet, don’t play a direct role in controlling or supporting electric reliability and delivery to end users,” she said. “It is important for government, private enterprise and the public in general to understand the differences, this will ensure that resources are allocated appropriately in the effort to strengthen the security of the grid and systems used for business transactions.”

In addition to regulating the oil, natural gas, and electricity industries, FERC is also focusing on smart grid issues, which have become a hot topic in relation to cyber security and critical infrastructure.

Related Insight: Making The Smart Grid Smarter than Cyber Attackers

Related Insight: Smart Power Grids a Prime Target in Cyber Warfare

Related Insight: The Increasing Importance of Securing The Smart Grid

Related Reading: Fun and Games Hacking German Smart Meters

Related Reading: Smart Meters Vulnerable to False Data Injection