The energy industry needs “actionable cyberthreat information” if it’s going to protect against possible cyberattacks on the electrical grid.
That is what American Gas Association CEO Dave McCurdy told the Senate Energy and Natural Resources Committee in April 2017. A year later, the need still exists.
Many utility personnel still lack access to the classified information they need to stay abreast of potential threats, according to Cyberscoop.
A two-day exercise called “GridEx” was conducted on November 2017 where 6,500 people from 450 government, utility and academic organizations responded to mock cyber and physical attacks against power generation and transmission facilities and control systems.
A significant hindrance during the exercise was the lack of utility employees who possessed the required clearances to share threat information for the serious cyberattack scenario that the exercise depicted, according to a March 2018 report published by the North American Electric Reliability Corp., which regulated GridEx. It described the number of utility personnel who hold government security clearances as small and insufficient “to share classified information under this severe scenario.” It recommended that the government plan to “quickly declassify information that utilities need to prevent or respond to attacks.”
It’s not that utility employees haven’t applied for security clearance. Many of them are tied up in the security clearance backlog. When McCurdy, a former Democratic congressman from Oklahoma, addressed the Senate Energy and Natural Resources Committee last year, he explained that he had applied for a Top Secret security clearance through the Department of Energy more than a year earlier and was still awaiting approval. He holds a Department of Defense security clearance, he said.
McCurdy said the clearance is needed so personnel has enough information to know what information is “actionable and directly relevant for our particular environment and situation,” he told the committee.
The need for more utility employees to have access to classified information has bipartisan support. Lawmakers on both sides of the aisle have raised concerns over the topic, Morning Consult reported. Lawmakers have said the country doesn’t seem adequately prepared to respond to a major cyberattack on energy infrastructure. The topic has attracted more attention since the development of the “smart grid,” or portions of the grid with tools that communicate digitally with each other.
One way of combatting the dearth of security clearance holders is through new hires. According to a U.S. Department of report released in January 2017, 25 percent of American electric and natural gas utilities employees will be ready to retire in less than five years, the Daily Energy Insider reported.
Judith Jagdmann, chairwoman of the National Association of Regulatory Utility Commissioners Task Force on Military Workforce Development, stated in the report that military veterans are prime candidates to fill these vacancies because they are “the largest source of individuals who have undergone thorough background checks to receive security clearances.”
© 2018 Millionairium and Keep Your Clearance. Authorization to post is granted, with the stipulation that Millionairium and Griffith, Young & Lass are credited as sole source. Linking to other sites from this document is strictly prohibited, with the exception of herein imbedded links.