Trump administration is managing threats, not hysteria, in the cyber domain
Last week, Congress passed the largest defense spending increase in 15 years, committing nearly $700 billion on national security to keep our nation safe. Secretary of Defense Jim Mattis — aware of the Pentagon’s habit of spending money unwisely — warned military leaders that “results and accountability matter in every expenditure.”
During the same week, several national publications sounded the alarm about the vulnerability of our nation’s energy grid to Russian hackers, and the need to combat such existential threats to our society. That our nation faces cyber threats is not a point for debate. However, stoking fear — without giving the facts about how our nation is managing the cyber threat — does a disservice. In fact, a great deal is being done to protect our power plants, transmission capabilities and other aspects of the electrical grid.
{mosads}One widespread program is the Cybersecurity Risk Information Sharing Program (CRISP), a public-private partnership geared toward defending more than 75 percent of U.S. electric customers. Industry experts have testified that information gained from its sensors and the associated analysis has proven extremely valuable to identifying and addressing cybersecurity risks.
Another partnership between industry-government includes exercises, such as the so-called biennial GridEx. The most recent event, which was held in November, involved more than 6,000 participants representing more than 400 organizations from across the electric power industry, federal, and state government. These exercises promote unity of effort between electric companies and government agencies.
In September 2017, the Department of Energy (DOE) awarded 27 grants totaling $50 million to strengthen the security and resiliency of the energy grid, including the electric grid and oil and natural gas infrastructure. According to DOE, seven of the grants are for resiliency projects under the Grid Modernization Initiative (GMI), while 20 grants support cybersecurity projects. The GMI goal of modernizing the energy grid includes improving grid security. Nine national laboratories administer the grants in partnership with numerous military, academic, and corporate entities.
Finally, there is DOE’s new Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Legislation passed by Congress codifies DOE’s role. The CESER is expected to enhance the relationship between industry and DOE on issues of cybersecurity.
Sadly, much of the fear mongering over cyber threats is nothing more than attempt to get the federal government to invest more money into combatting these challenges. Be assured, the $700 billion-dollar national defense budget has gotten the attention of the cyber industry and their allies in the Pentagon. But we must heed Secretary Mattis’ warning that these taxpayer dollars need to be spent wisely.
Be assured, this administration is actively engaged with industry, academia, and states on many levels. Former Obama cyber official, the former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, Richard Clark, once spoke of cyber as being akin to the nuclear war strategy paradigm. Massive retaliation, mutual assured destruction.
While that may be true — and our ability to project destruction abroad should not be discounted — the current program of partnering with industry and academia in energy grid security, resilience, and recovery is to be commended, not used as a half-sided, self-serving argument for additional resources.
Greg Kiley is a former senior associate at the Center for Strategic and International Studies; a former senior professional staff member for the Senate Armed Services Committee; and a former U.S. Air Force Officer.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.