These pandemic-related observations and recommendations further highlight the challenges of ensuring the resilience of our nation’s critical infrastructure, including the electric grid, but also offer additional common sense actions that Congress and federal agencies can take in collaboration with the electric power industry.

It is no secret that our nation is under daily cyber assault from a range of entities, including those that would disable or destroy our electric grid in order to bring our economy and our country to a grinding halt.  We have been repeatedly warned about these threats by relevant government agencies and, as the coronavirus demonstrated, we know with certainty that an existential threat can engulf our entire nation with a speed and level of impact that we previously believed was impossible.

In the annex report, the CSC noted that while the pandemic was not a “significant cyberattack,” they found “many illuminating parallels” worth addressing, and they issued four new recommendations in two categories:

Pandemic cybersecurity challenges: ​

• Congress should enact an Internet of Things (IoT) security law subjecting IoT devices to “reasonable security measures” and becoming compliant with basic security protocols.
• The Justice Department should continue working closely with non-profit entities, and provide funding, because trustworthy nonprofits have the capacity and flexibility to act as extra eyes and ears for government agencies and can “disrupt cybercrime,” augmenting and supporting government activities.

Pandemic’s lessons in cyber preparedness:

• Establish a Social Media Data and Threat Analysis Center (DTAC) to fight the flow of false information that confuses and complicates domestic issues.  The National Defense Authorization Act has a provision that allows the Director of National Intelligence to organize and fund a DTAC, and the CSC recommends doing so.
• Increase the private sector’s ability to find and defend against foreign misinformation campaigns, which confuse citizens and can affect public policy decisions.

Among these four recommendations, enacting an IoT security law to enhance the security of the electric grid, is of critical importance. Some 50 billion to 70 billion home and industrial electrical devices are being interconnected via the Internet across our residential, commercial, and industrial base in the U.S., and this trend is sure to increase as more people work from home following the pandemic.

The IoT phenomenon was the subject of an op-ed by Protect Our Power Advisory Panel member Gov. Tom Ridge, the first Secretary of Homeland Security, who noted that while these interconnections will enable more convenient home energy use, efficient manufacturing, improved health care, safer transportation and a cleaner environment, each of them also creates a potential pathway to the grid for foreign governments and other malevolent actors to compromise essential networks – particularly the electric power grid.

The new white paper also reinforces a related recommendation from the full CSC report — the establishment of a National Cybersecurity Certification and Labeling Authority to provide consumers with key information about the security features of the technology products and services they buy. The full report notes that, “as parts of our national economy and day-to-day lives have been thrust out of enterprise networks and into personal and in-home devices,” the need to improve security increases accordingly.

At Protect Our Power, we agree with the CSC that responding to complex emergencies “requires a balance between agility and institutional resilience across each sector of the economy, focusing particularly on critical infrastructure.” In our opinion, focusing first and foremost on the electric grid is paramount, since all other elements of critical infrastructure depend on the grid to provide power so they can operate.

Finally, as history and the pandemic have taught us, there is no substitute for planning and preparation, and prevention is far cheaper, and preestablished relationships far more effective, than a reactive strategy based solely on detection and response.

It is not an exaggeration to suggest that the well-being of our nation and the full recovery of our economy from the coronavirus pandemic depend on swift and decisive action by Congress and relevant federal agencies.

The CSC has provided a detailed roadmap for making our nation far more secure and resilient and, as the new white paper suggests, and Protect Our Power agrees, the CSC’s full set of recommendations “are now more urgent than ever.”