Testimony For 2023 Senate Energy Committee Hearing On Cyber Security Of The Grid 6437166f89d42

Testimony for 2023 Senate Energy Committee hearing on cyber security of the grid

April 13, 2023
The March hearing included the need for accurate industry incident sharing with the intelligence community through the Energy Threat Analysis Center (ETAC).

I provided my blog, “NERC Cyber Security Incident Reporting Is Obscuring the Truth” to the Senate Energy Committee staff prior to the March 23 Senate Energy Committee hearing on cyber security of the grid. The hearing included the need for accurate industry incident sharing with the intelligence community through the Energy Threat Analysis Center (ETAC). It is not clear how viable the ETAC will be based on the lack of accurate control system cyber incident disclosures identified above. The control system cyber incident information sharing issues are not limited to the electric industry. Industry cyber security programs, the National Cybersecurity Strategy for Critical Infrastructure, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), and government cyber security requirements assume that control system cyber incidents can be accurately identified in a timely manner. An example of the inaccuracy of control system cyber security incident reporting is the 2021 Oldsmar, Florida wastewater treatment facility “cyberattack.” Despite the wide- spread claims of a cyberattack, the facility incident was user error.

As a result of these issues, I was encouraged by Senate Energy Committee staff to provide a version of my blog for the hearing record. My testimony will be available by mid-April at the Congress.gov website.

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]