Cybersecurity Awareness Month Is Good Observance, But What’s Needed Is Urgent, Comprehensive Action

By Jim Cunningham, president, Protect Our Power


As America observes another National Cybersecurity Awareness Month, suffice it to say that the time for raising awareness has passed. The time for action … more action … and more action after that … is upon us.

From the Colonial Pipeline cyberattack, to the Florida water supply intrusion, to the Microsoft client disruption, to a myriad of other ransomware attacks, 2021 has cemented the reality that our nation’s critical infrastructure and economy are under siege – and, worse, they are vulnerable.

At Protect Our Power, our focus is on the security and resilience of the electric grid. This is because virtually every facet of our society and our economy is dependent upon having reliable electricity. This encompasses the electronic devices we hold in our hands, necessities such as the lights, refrigerators and heating systems that make our homes livable, the businesses that power our economy and the treatment plants that purify our drinking water.

Tragically, Hurricane Ida and last winter’s deep freeze in Texas have shown us the cost – in human and economic terms – of major, sustained disruptions to power supplies.

Protect Our Power is working on several fronts to help make the grid more secure and resilient. Since our formation in 2016, we have met with an array of elected and regulatory officials at the national and state levels to raise awareness of systemic hurdles and potential solutions. We are pleased that the bipartisan infrastructure legislation pending in Congress includes provisions and funds to strengthen the grid.

At the same time, however, we believe there are critical cybersecurity needs that will remain unmet if and when this legislation is enacted. Protect Our Power has recommended that, over a five-year period, $22 billion be directed toward a set of grid-oriented funding priorities that include:

  • separate and more secure communications systems that control actual power system operations;
  • support for a “Made in America” power industry supply chain; and
  • funding for municipal power companies and rural electric utilities to offset the cost impact on consumers that would be incurred by dramatically improving grid resilience programs in the near term.

To better protect the electric sector’s supply chain, Protect Our Power is implementing a two-pronged initiative to:

  • drive development of a utility industry supply chain protocol that would ensure grid integrity and, in parallel
  • provide detailed input to the Department of Energy as it works to meet the mandate of the Administration’s February 24, 2021, Executive Order (EO) 14017, America’s Supply Chains.

To achieve the goals of this initiative, POP launched the Supply Chain Collaborative, an ongoing project that has featured active participation by 14 of the nation’s leading power companies and numerous cybersecurity vendors. Over the past year, we have convened four collaborative sessions – a fifth is scheduled for late October – to develop a protocol to secure supply chain integrity and prevent adverse foreign entities from infiltrating the grid with compromised equipment or technology.

Another of POP’s major undertakings is the Cybersecurity Best Practices project. This effort was designed and developed to provide utility companies a single resource for identifying cyber- security products and services that are available to address the myriad cybersecurity challenges facing electric utility companies. The Best Practices project has begun to organize and evaluate the more than 1,000 vendors who offer cybersecurity products and services to enhance the security and resilience of the electric supply system.

The end goal is to provide an ongoing service that makes it easier and faster for electric utilities, public power authorities and electric cooperatives to quickly identify vendors, products and services that are being offered to address specific vulnerabilities so that utilities can make more informed, timely and effective decisions about their cybersecurity investments.

The serious threats facing America’s infrastructure, particularly the electric grid, make it imperative that, as individuals and as a nation, we rise to the challenge and meet the security challenges that are part of our modern-day society. Awareness is a great first step, but awareness alone won’t get the job done. The time for action is now.

Jim Cunningham

Author Bio