Science Committee Ranking Members Request GAO Investigation of Cybersecurity Threats to the U.S. Electric Grid
(Washington, DC) – Today, Congresswoman Eddie Bernice Johnson (D-TX), Ranking Member, Committee on Science, Space & Technology, Congressman Donald S. Beyer, Jr. (D-VA), Ranking Member, Subcommittee on Oversight, Congressman Marc Veasey (D-TX), Ranking Member, Subcommittee on Energy, and Congressman Dan Lipinski, Ranking Member (D-IL), Ranking Member, Subcommittee on Research & Technology, wrote to the Government Accountability Office (GAO) requesting they investigate cybersecurity issues related to the U.S. electricity grid.
Over the past year, the Department of Homeland Security (DHS) has attributed multiple attacks against U.S. critical infrastructure components to Russian and other actors. Hackers from Russia, China, Iran and North Korea have been implicated in attacks against U.S. and foreign critical infrastructure networks, including U.S. nuclear power plants and other elements of the electric grid. Last year, DHS also issued a Binding Operational Directive (BOD) banning the use of Moscow-based Kaspersky Lab computer security products by U.S. government agencies due to concerns that Russian intelligence agencies may have undue influence over the company, which sells cybersecurity products worldwide. This directive, however, does not apply to the operators of U.S. public utility companies.
The letter asks the GAO to evaluate cybersecurity risks to the electric grid and investigate whether electric utilities have appropriate numbers of qualified cybersecurity staff, whether these utilities currently have Moscow-based Kaspersky Lab products on their networks or plans to remove them, whether utility operators are employing best practices and implementing appropriate cybersecurity standards and cybersecurity awareness training for staff.
“The threats against our critical infrastructure are widespread, growing and deeply concerning,” they wrote in the letter. “The ability to respond to these cyber dangers and emerging risks within our critical infrastructure varies greatly among small and large companies, and public and private entities…Cyberattacks and the potential consequences of these attacks against critical infrastructure are escalating. This has made the need to thoroughly address the weaknesses and vulnerabilities of our critical infrastructure paramount.”
A copy of the full letter can be found here.