Skip to main content
close search
site logo
Dive Brief

Congressman targets utility security clearances for new legislation

Published June 11, 2018
Iulia Gheorghiu's headshot
Iulia Gheorghiu Editor
Flcikr user Yuri Samoilov

Dive Brief:

  • Rep. Jerry McNerney, D-Calif., said he will work with Florida Power & Light (FP&L) to address the dearth of security clearances for utility employers as his office considers possible legislative solutions.

  • After speaking a cybersecurity event Friday, McNerney told reporters that increasing utility access to sensitive information is a priority for him. While he did not address potential legislative solutions being considered, cyber-security experts and federal regulators discussed various efforts to declassify information throughout their presentations.

  • Other experts, including National Institute of Standards and Technology (NIST) senior security engineer Jim McCarthy highlighted the need for "a concerted push" on the federal level to prioritize cybersecurity. Congress has had bipartisan support in recent years to pass cybersecurity and grid infrastructure legislation, but efforts were repeatedly scuttled on the House floor.

Dive Insight:

Security clearances require time and resources to obtain, but utilities need to access and share sensitive information in order to protect critical technologies and systems.

GridEx IV, the biennial grid security simulation that took place in November 2017, identified the small number of security clearances among utility personnel as a barrier to utilities responding effectively in a security emergency.

"Government should plan to quickly declassify information that utilities need to prevent or respond to attacks," the report stated among its recommendations.

McNerney commented on the importance of giving utilities secure access to information, "without worry about proprietary data" or exposure to the Freedom of Information Act. In a hallway interview with reporters, the congressman said he learned of the issue in a forum on Thursday from FP&L president and CEO Eric Silagy.

McNerney has introduced grid security measures that recently passed the House and co-founded the bipartisan Grid Innovation Caucus in 2017. McNerney said he will work with FP&L, and more generally with utilities, to "see if there's anything we can do" regarding the communication that's being stymied by a lack of security clearances.

"We need to figure out a way so they can share information and both sides feel comfortable that we're not compromised," McNerney said.

FP&L did not immediately respond to requests for comment or Silagy's remarks.

There are multiple ways to address the challenge posed by the backlog of security clearances, Bill Lawrence, director of the Electricity Information Sharing and Analysis Center (E-ISAC), told the Friday forum hosted by the Lexington Institute.

Within E-ISAC, security clearances are applied to "work with the government partners to try and get things down below the tier line and unclassified," in order for industry analysts to have access to it, Lawrence said. They need access to apply the sensitive information, since they're the ones who are going to take the action.

"It's still sensitive information so we protect it when we share it with the organizations, but we can spread that throughout all of our stakeholders," Lawrence told Utility Dive.

One of E-ISAC’s programs is focused on facilitating a cybersecurity information exchange between federal, regulatory and industry stakeholders. Cybersecurity Risk Information Sharing Program (CRISP) is based on technology deployed by the Department of Energy (DOE) more than a decade ago. It is subscription based, allowing North American utilities to voluntarily join and help "identify threats across the sector," according to NERC.

While the lack of security clearances may be addressed more quickly through declassification, the cybersecurity and utilities industries have called for grid modernization and reform. Many speakers applauded the recent DOE cybersecurity efforts in their remarks, but also asked for more federal funding.

"It is hard for me to imagine that we can fully address the [security] problem without the modern equivalent of the Rural Electrification Act," NIST's McCarthy said in his remarks at Friday's event, referencing the 1936 law that created a federal loan program to build critical rural grid infrastructure.

CORRECTION: An earlier version of this story incorrectly identified whom McNerney heard speak at a recent forum from FP&L. It was Eric Silagy, president and CEO of FP&L.

 

Editors' picks

Company Announcements

View all | Post a press release
Oncor System Resiliency Plan Approved by PUCT
From Oncor
November 14, 2024
ABB launches next-generation medium voltage drive, designed to enhance industrial performance …
From ABB
November 19, 2024
General Atlantic’s BeyondNetZero Fund and TA Partner to Drive Continued Growth of Technosylva
From Technosylva
November 21, 2024
Chartwell Electric Vehicle Benchmark Survey in the Field for North American Utilities
From Chartwell Inc.
November 19, 2024
Editors' picks
Latest in Transmission & Distribution
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.