March 23, 2023

Full Senate Committee on Energy and Natural Resources Hearing to Examine Cybersecurity Vulnerabilities to the U.S. Energy Infrastructure

Witnesses:

  • Mr. Puesh M. Kumar: Director, Office of Cybersecurity, Energy Security, and Emergency Response Preparedness

  • Mr. Robert M. Lee: CEO and Co-Founder, Dragos, Inc.

  • Mr. Stephen L. Swick: Chief Security Officer, American Electric Power

This hearing outlines the different actions needed to address the growing cyber threat landscape in the energy sector. With the cyber world, and reliance on the cyber world, rapidly increasing, this hearing was convened to insist on interference by the national government and a coming together of corporations to keep customer information safe. The witnesses were gathered to provide steps Congress can take to strengthen national cybersecurity.

Director Kumar’s testimony is focused on the cybersecurity landscape of the United States and how it affects the energy department. His testimony also concentrates on the role that the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) plays in the fight against this threat. He points out that a disruption in the energy sector would affect every other sector without exception, especially given the push toward cloud migration. With the ever-changing nature of the energy sector there will always be new threats and opportunities for malicious actors He then went on to explain the energy sector’s roles and responsibilities, specifically emphasizing its duty to protect the sector  from malicious threats that would in any way halt the DOE which would, in turn, affect all critical infrastructure.

Robert M. Lee, a well respected member of the private-sector cybersecurity community as the CEO and co-founder of Dragos, provides his testimony next. Outside of his role at Dragos, he also serves as an advisor at the DOE, Singapore’s Cyber Security Agency, and the World Economic Forum’s cybersecurity committees on oil and gas and electricity. His testimony is a follow-up of one given in 2018 which provides an interesting picture of what has changed since then and how important these things still are. He makes main three points:

  1. The cyber landscape in the last year alone has changed dramatically. With this change, we must focus even more on what we are doing to protect our cyber realm.

  2. The government needs to focus on what is working and what isn’t in its cybersecurity protocols. He states that there needs to be less hesitation in calling out what doesn’t work and more praise for what does.

  3. We must prioritize better.. If the United States government can correctly implement a better prioritization process and protect what needs protecting, it can be an example for the private sector. 

 Stephen L. Swick, Chief Security Officer of American Electric Power, also notes the need to create a more secure and dependable energy grid. He is responsible for both the physical and cyber security of the corporation. He says that “security is a team sport” and sees the banding together of state governments and the private sector as a way to help keep personal information secure. He says that “consistency in a unified, risk-based approach from coast-to-coast supports this approach to security and, therefore, to resilience.” He points out that the electrical grid doesn’t stop at the state lines so we have to work together to be successful. 

Find the full hearing here