The overhaul of the U.S. electricity network with technologies to improve efficiency gives hackers new targets for cyber attacks, the head of the University of Southern California Energy Institute said.
“What you’re doing is you’re actually creating a whole new class of vulnerabilities,” Donald Paul, executive director of the institute, said last week at a U.S. Chamber of Commerce cybersecurity conference in Washington.
The U.S. invested $4.5 billion in grid upgrades under President Barack Obama’s 2009 stimulus bill, matched by $5.5 billion from private companies, the Energy Department said last year. Smart meters, encouraged by the U.S. as part of the stimulus, let customers monitor energy consumption and help utility companies set pricing based on demand fluctuations.
Energy companies including the utilities would need a sevenfold increase in computer-security investment to reach a desired level of protection, according to a survey for Bloomberg Government by the Ponemon Institute LLC released in February.
A 2011 report from the Electric Power Research Institute said that about $3.7 billion in investment is needed to protect the grid from cyber attacks, according to an Massachusetts Institute of Technology study released in December.
Refineries and pipeline companies also are increasing risks by connecting their networks with those of their suppliers, Paul said.
Separately at the conference, House Intelligence Committee Chairman Mike Rogers said he’s talking to senators of both parties about reviving legislation to encourage companies and government to share information about cybersecurity threats. The Michigan Republican declined to name the lawmakers.
The idea is to come to an agreement “that we can sell to our respective conferences” and get something done in the lame- duck session after the November election, he said.
“We think that there might be one last shot here -- maybe I’m an eternal optimist -- to get this thing sparked back to life,” Rogers said, adding that recent new-threat information is helping to revitalize discussions.
Rogers and Rep. C.A. “Dutch” Ruppersberger of Maryland, the committee’s ranking Democrat, sponsored an information-sharing bill that passed the House in April. The Obama administration at the time threatened to veto the measure, saying it wouldn’t do enough to protect the nation’s vital infrastructure and would erode privacy safeguards for sensitive consumer data.
The administration is considering an executive order to accomplish some of the goals of a separate cybersecurity bill in the Senate that was blocked by Republicans in August. That measure would have set voluntary cybersecurity standards for companies operating critical U.S. infrastructure.