September 28, 2012
A group of electric companies says it is not opposed to working with the federal government to secure power-grid computer networks, as long as regulators don’t proscribe new burdensome and inflexible rules.
Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., helped sponsor legislation that would have created more government oversight of certain critical networks, including those that control electric grids. After that bill floundered in the Senate partly because of industry opposition to new rules, he wrote a letter to top leaders of Fortune 500 companies asking them about their views on cybersecurity.
In a response to that letter sent on Thursday and obtained by National Journal, industry associations that represent electric companies, including 24 that received Rockefeller’s letter, say they are open to voluntarily collaborating with government officials.
“We want to be clear that we do not oppose such a regime, provided it does not seek to supplant the existing regulatory structures and public-private coordination already taking place in the electric and nuclear power sectors, even in the absence of new cybersecurity legislation,” the letter states.
Officials fear that a cyberattack aimed at the computer networks that control power grids and other critical infrastructure could cause economic devastation and even loss of life. The companies warn, however, that any regulatory regime cannot focus on meeting specific security standards that may soon be out of date.
“While standards enforce good business practices and encourage a baseline level of security, compliance checklists that focus only on performance requirements are not sufficient to address cyber threats,” the associations wrote. The companies say the electric sector has already been subject to mandatory cybersecurity standards since 2005. Any new cybersecurity program should focus on those sector-specific standards, they argue.
Rockefeller spokesman Vincent Morris said the senator will be reviewing all the letters and will consider all the arguments, but ongoing cyberattacks show that current standards aren't enough.
"We know what's in place won't cut it because the cyber terrorists have moved beyond where we were in 2005," Morris said in an e-mail to National Journal.
The White House is currently drafting an executive order that could enact some voluntary security standards for companies, but Homeland Security Secretary Janet Napolitano said on Friday that the president has yet to review the potential order.
The letter to Rockefeller was signed by representatives of the Edison Electric Institute, the National Rural Electric Cooperative Association, the Nuclear Energy Institute, the American Public Power Association, and the Electric Power Supply Association.
September 28, 2012