TRENDING:

The Public Eye with Eric Chabrow

Does FERC Seek War Powers?

Eric Chabrow (GovInfoSecurity) • May 7, 2009    
Does FERC Seek War Powers?

Should a federal agency be given the power to wage war, even if it's a virtual one?

One could infer that by reading the words of Joseph McClelland. He's director of the Office of Electric Reliability at the Federal Energy Regulatory Commission, the federal agency with jurisdiction over interstate electricity sales and wholesale electric rates.

In prepared testimony delivered Thursday at a hearing on cybersecurity and the critical electricity infrastructure before the Senate Committee on Energy and Natural Resources, McClelland said that any new legislation should allow the commission to take action before a cyber or other national security incident occurs to prevent a significant risk of disruption to the electrical grid. His statement read:

"In order to protect the grid, it is vital that the commission be authorized to act before an attack."

McClelland didn't provide details in his prepared remarks on what he meant by "authorized to act before an attack." No doubt, the government should use nearly any means to prevent a real or virtual attack on the nation's critical infrastructure, including our electrical system. Any significant power loss would devastate our nation and economy. Using cyberspace as an offensive weapon to prevent attacks is appropriate.

But we shouldn't authorize specific commissions or agencies to provide the virtual weaponry to deploy against our online adversaries. That should be placed at the White House level or through a joint cyberspace defense command being organized by the military.

The electrical grid, no doubt, is part of the nation's critical infrastructure. Yet, it seems, not every owner and operator of power generators sees itself as being critical.

In his testimony, McClelland told the Senate panel a disturbing fact culled from a recent survey by the North American Electric Reliability Corp., a not-for-profit corporation that promotes electrical bulk power transmission: Only 29 percent of power generation owners and operators reported at least one critical asset. It's unclear what portion of the U.S. generation capacity that 29 percent represents or what portion of the designated critical assets represent, he said. "Thus, it's not clear - even today - what percentage of critical assets and their associated critical cyber assets has been identified. It is clear, however, that this issue is serious and represents a significant gap in cybersecurity protection."

Indeed.

What are your thoughts about the-best-defense-is-the best-offense approach to securing our critical IT infrastructure. Should it be centralized, and if so where? Or, should each organization develop its own plans, even if it means making virtual attacks against adversaries abroad? Share your thoughts below.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.