December 22, 2024
Cancel: Info Sharing Critical in Response to Russo-Ukraine Conflict
E-ISAC Chief Praises Collaboration Efforts Across Industries
Ukrainian president Volodymyr Zelensky visits frontline troops in Ukraine's Donetsk region Feb. 17 | Shutterstock
E-ISAC CEO Manny Cancel said the conflict between Russia and Ukraine has inspired an "unprecedented" level of information sharing regarding cyber threats.

As Russian tanks and infantry massed on the border with Ukraine last year, U.S. government officials began reaching out to owners and operators of the nation’s critical infrastructure, including the electric grid.

Russia’s willingness to wage electronic warfare was well known, and any attack on Ukraine was sure to be accompanied by a cyber offensive that could easily spill across the borders and affect the country’s allies.

While nobody could be sure just what cyber capabilities Russia’s military had in reserve, the government’s hackers had attacked Ukraine’s power grid on multiple occasions; doing the same to the U.S. could cripple Russia’s strongest rival. Manny Cancel, CEO of the Electricity Information Sharing and Analysis Center (E-ISAC), told ERO Insider it took little effort for everyone to realize the shared vulnerability.

Manny Cancel, NERC | NERC

“One of the guiding principles that we all agreed to was sort of lowering the barrier for information-sharing on both sides of the fence, that the government needed to share information, and maybe declassify intelligence, as quickly as they could,” Cancel said. “And vice versa — it’s very important for the utility industry or the energy sector to share information back with the government to provide context [and] situational awareness.”

The result has been what Cancel called an “unprecedented level of engagement” between the government and private sector, both in the U.S. and Canada. Through both classified and unclassified briefings, as well as online alerts, public officials have made regular sharing of threat data a staple of the Cybersecurity and Infrastructure Security Agency’s Shields Up program; the E-ISAC has done its part by holding regular webinars open to the entire electric industry, not just its own members.

Cancel said a top priority has been including other critical infrastructure sectors, such as the telecommunications, finance and natural gas industries. This way all participants can benefit from each other’s work.

“The electricity sector has been operating with shields up for probably a decade — I can’t think of a day when we didn’t,” Cancel said. “But I still think the guidance was very relevant, just to sensitize people that this is really serious. We’ve got to up our game from a vigilance perspective [and] from an information-sharing perspective because that’s the only way we’re going to be able to protect and respond to a potential attack on critical infrastructure here in the United States.”

The response has also expanded beyond the U.S. and Canada, with officials in Europe reaching out to their counterparts in North America to discuss how to build a united front in response to the fighting in Ukraine. Cancel mentioned that NERC, the E-ISAC, and the U.S. Energy Association have had conversations with European regulators about their biannual GridEx security exercise, and how similar events could be staged in their countries.

However, he emphasized that while the E-ISAC actively works with European partners in “a number of forums,” U.S. officials are mindful that their role is collaborative rather than leading, and that every nation has its own challenges to deal with.

“There’s always an opportunity to share, not only … threat intelligence and information, but [also] risk mitigation activities and best practices,” Cancel said. “We do demonstrate a leadership role, but … our colleagues overseas … have some very robust risk mitigation programs and cyber programs.”

While Cancel praised the performance of the nation’s frontline cybersecurity defenders, he warned that utilities cannot let themselves become complacent. The current geopolitical tensions may have inspired the industry to its best efforts, but leaders must ensure their focus remains on proactive defense against any potential threats rather than returning to a compliance mentality.

“The minute you talk about standards, people generally — and I did this myself when I was at a utility — talk about, what do I need [in order] to comply, and what happens when I don’t comply?” Cancel said. “That conversation needs to change. I’m not saying you throw the compliance angle, [but] how can … industry and regulatory entities like NERC and FERC, and the rest of the federal government work to … better protect things.”
