November 22, 2024
NERC’s Cancel Details Grid Threats to House Energy Subcommittee
Witnesses Stress High Security Threat Level
Manny Cancel, NERC
Manny Cancel, NERC | House Energy and Commerce Committee
|
NERC and E-ISAC executive Manny Cancel testified before the House Energy and Commerce Committee’s Oversight and Investigations Subcommittee about cyber and physical threats to the North American power grid.

Appearing before the House Energy and Commerce Committee’s Oversight and Investigations Subcommittee on Tuesday, Manny Cancel, a senior vice president at NERC and CEO of the Electricity Information Sharing and Analysis Center (E-ISAC), warned that the North American power grid remains beset by cyber and physical threats.

In a hearing that stretched more than two hours, subcommittee members grilled Cancel and his fellow witnesses on the biggest threats to the nation’s energy infrastructure, including extreme weather. Questions were often colored by members’ partisan alignments, with Republicans criticizing the Biden administration for allegedly burdening utilities that are already struggling to maintain security with environmental requirements and Democrats trying to draw focus to extreme weather events and the administration’s efforts to combat climate change.

Cancel and the other witnesses — who included Sam Chanoski of the Idaho National Laboratory and Bruce Walker, president and chief security officer of the nonprofit Alliance for Critical Infrastructure Security consultancy — tried to avoid getting entangled in these partisan debates, drawing the conversation back to the security environment.

“While there have been no major outages resulting from a cyberattack in the United States, the threat landscape is complex and includes continuously evolving and persistent threats from sophisticated, capable adversaries,” Cancel said in his opening statement, mentioning the dangers posed by foreign cyber actors, as well as physical dangers from domestic extremists.

Among those foreign adversaries, Cancel gave particular weight to China and its cyber campaign discovered this year, when several federal agencies warned that Volt Typhoon, a cyber actor believed to be sponsored by China, had infiltrated a number of “critical infrastructure organizations” in the U.S. (See NERC Issues Cybersecurity Data Request.) He also called Russia a “top cyber threat [that] refines and employs espionage, influence and attack capability,” and he that noted Iran and North Korea’s “growing expertise and willingness to conduct aggressive cyber operations.”

Rep. Cathy McMorris Rodgers | House Energy and Commerce Committee

Asked by committee Chair Cathy McMorris Rodgers (R-Wash.) whether the E-ISAC currently sees more threats from China or Russia, Cancel admitted the leader is “probably China right now.” But he added that Russia “continues to be a very complex adversary as well,” with the capability to wage a widescale attack against a national power grid as demonstrated against Ukraine in 2015 and 2016. But the industry is seeing “a lot of activity from both” nations, he said.

Rep. Morgan Griffith (R-Va.) | House Energy and Commerce Committee

Subcommittee Chair Morgan Griffith (R-Va.) pointed out that China’s infiltration efforts remain ongoing, with the State Department having discovered just last month that the country had backed a group of hackers that infiltrated its email systems, along with those of other agencies.

He suggested that the news showed that “China is likely capable of cyberattacks that could disrupt our infrastructure” before pivoting to criticism of energy-efficiency standards that the Department of Energy proposed last year for distribution transformers. Griffith called the timing of the proposal “terrible,” implying that the standards would make it much more difficult to replace vital equipment compromised in a foreign cyber incident.

On the domestic side, Cancel noted that the last 12 months have seen several high-profile attempts at sabotaging grid equipment, two of which — in Washington state and North Carolina — succeeded in causing outages for thousands of people. He also mentioned a plot to attack the electric grid in Baltimore that resulted in the arrest of two neo-Nazis in February. (See Feds Charge Two in Alleged Conspiracy to Attack BGE Grid.)

Rep. Kathy Castor (D-Fla.), the subcommittee’s ranking member, picked up the domestic extremist thread in her questioning, asking Walker, “What is going on … with the white nationalist movement, attacking transformers across America?” She was referring not only to the Baltimore plot, but also to three men who pleaded guilty last year to conspiring online to damage electric substations in order to start a race war. (See FBI: Conspirators Planned Grid Attack to Start Race War.)

Walker responded that “physical destruction works. People understand how to do it, [and] the means to do it are readily accessible.” He added that NERC has also highlighted the ongoing threat of domestic extremism, most recently in its 2023 State of Reliability report, released last month.

E-ISAC

Leave a Reply

Your email address will not be published. Required fields are marked *