In the News – This Week in Critical Infrastructure: Week of July 11, 2016

The House of Representatives Homeland Security Committee, Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee held a hearing on July 12 titled “Value of DHS’ Vulnerability Assessments in Protection Our Nation’s Critical Infrastructure.” Witnesses included Chris P. Currie from the Government Accountability Office, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications in the DHS National Protection and Programs Directorate (NPPD), Caitlin Durkovich, Assistant Secretary of the Office of Infrastructure Protection at DHS NPPD, and Marcus L. Brown from the Office of Homeland Security for the Commonwealth of Pennsylvania. The hearing explored the challenges and achievements of the DHS Protective Security Advisor (PSA) and Cyber Security Advisor (CSA) Programs, along with other federal infrastructure security and vulnerability assessment programs, including an evaluation of DHS measures to address gaps identified by GAO in their 2014 report on DHS assessment programs.

On Tuesday, the U.S. Senate Committee on Energy & Natural Resources, Subcommittee on Energy heard testimony on S. 3018, the Securing Energy Infrastructure Act. This bill would create a two-year control systems pilot program for securing energy infrastructure through the National Laboratories to research measures to isolate and defend systems through the use of analog and physical controls. Witnesses included Patricia Hoffman, Assistant Secretary, Office of Electricity Delivery and Energy Reliability, U.S. Department of Energy; Duane D. Highley, President & CEO, Arkansas Electric Cooperative Corporation; Rob Manning, Vice President, Transmission, Electric Power Research Institute; and Brent Stacey, Associate Laboratory Director, Idaho National Laboratory.

On July 13, the National Transportation Safety Board (NTSB) hosted a roundtable discussion titled “A Dialogue on What’s Next in Rail Tank Car Safety.” The dialogue at this event aimed to gather information and and help the NTSB better understand the issues facing operators who must comply with new rail safety requirements included in the 2015 Fixing America’s Surface Transportation Act (FAST Act).

Aaron Boyd writes on two recent congressional hearings that aimed to provide clarity regarding the circumstances in which a cyber attack would constitute a justification for the use of military force. As cyber attacks continue to increase in scale and sophistication, targeting critical infrastructure like power grids and dams, experts and policymakers are striving to formulate plans for reacting to kinectic damage caused by state-sponsored hackers. When is it appropriate to respond to a cyber attack with physical military retaliation?

Rebecca Smith writes for the Wall Street Journal on the physical threats that grid infrastructure faces through an examination of several recent acts of criminal trespass, vandalism, and destruction targeting energy assets. The complexity and scale of the power system creates the potential for a coordinated series of such attacks to damage significant portions of the U.S. grid, causing outages that last for weeks or even months. Despite physical security standards from FERC and NERC, many small substations continue to operate with inadequate protection, increasing the opportunity for such attacks.