U.S. Department of Energy (DOE) secretary Rick Perry, responding to legislators who chided him for allowing Russian hackers inside the country’s critical infrastructure that controls power plants, energy, water, aviation, commercial manufacturing and other vital systems, has formally announced the new Office of Cybersecurity, Energy Security and Emergency Response (CESER).
The sub-agency, which was initially introduced in February, is tasked with overseeing all efforts to safeguard the electric grid and will be armed to respond as necessary to a cyber attack, officials said.
Do we really need another federal agency to combat the Russians? Apparently we do, Perry said. “The formation of this office better positions the department to address emerging threats and natural disasters and support the department's expanded national security responsibilities,” Perry said in testimony before the Senate Energy and Natural Resources Committee (via the Washington Examiner). “There is a clear role that DOE plays on cyber,” he added. “We are committed to being as technology advanced as possible, and it’s the reason we have structured the department as such to clearly send the message this is important and we are going to fund it as such.”
Congress has designated DOE as the lead dog to ensure that utilities are locked down against cyber hacking. Of the $470 million the White House is asking for cyber security in the 2019 budget, about 20 percent, or more than $90 million is targeted for the CESER.
In a Department of Homeland Services and Federal Bureau of Investigation alert last week, the agencies said the Russian hackers could have shut down or crippled facilities basic to the daily lives of millions of people. It marked the first time the Trump Administration has officially confirmed that Russian cyber attackers have targeted U.S. facilities, although U.S. intelligence has been aware of the critical infrastructure forays since 2015.
U.S. government and commercial cyber security experts have previously warned that the U.S. is ill-prepared to detect and combat an attack on the electric grid and associated critical infrastructure controls. Last July, top U.S. security professionals said U.S. cyber defenses may not be able to withstand a withering security attack aimed at government and critical infrastructure targets. Within the next two years, hackers are likely to go after government agencies and vital industries such as utilities, health care facilities and financial services, they cautioned.
Perry also is on record as questioning U.S. readiness to defend against cyber threats to the country’s energy infrastructure. Last week, he told a House Appropriations subcommittee that the federal government isn’t doing enough. "I’m not confident that the federal government has a broad strategy in place that is not duplicating," he reportedly said, "or is least duplicative as it can be."
U.S. Sen. Maria Cantwell of Washington, the top Democrat on the Senate Energy and Natural Resources Committee and a vocal proponent of protecting the energy grid against Russian intrusion, said “we need to do much more to protect it as a national critical asset. Russia has proven its ability to disrupt the grid,” according to a Washington Post report. She contended that opening a new cyber security office at the DOE is “not a substitute for meaningful action we need.”