After President Trump’s executive order requesting a study of the country’s vulnerability to an EMP attack, Gregory Kiley, a former Air Force officer and member of the staff of the Senate Armed Services Committee has written an op-ed in The Hill both applauding President Trump for highlighting the EMP threat, and outlining some of America’s current efforts at protecting the grid and infrastructure. He writes:
Currently, the federal government and electrical industry work together across the sector and through the Electricity Subsector Coordinating Council (ESCC); the North American Electric Reliability Corporation (NERC); the Electric Power Research Institute (EPRI); federal agencies, including the Department of Defense (DOD), Department of Energy (DOE), Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), FBI, and Federal Energy Regulatory Commission (FERC); and state and local law enforcement agencies. In other words, a lot is already happening and the perception that nothing is being done about the risk of an EMP is misguided.
In fact, today, the federal government works to secure the energy grid through information sharing, which includes the Cybersecurity Risk Information Sharing Program (CRISP). As such:
- CRISP enables near real-time sharing of cyber threat data among government and industry stakeholders, while supporting machine-to-machine threat mitigation.
- Cyber threat information shared through CRISP is helping to inform important security decisions not just among participating companies, but throughout the electric sector, as information obtained by the technology is then shared anonymously.
- CRISP is a public-private partnership co-funded by DOE and industry. CRISP seeks to facilitate timely bi-directional sharing of actionable unclassified and classified threat information, using advanced collection, analysis, and dissemination tools to identify threat patterns and trends across the electric power industry.
Additionally, the federal government and the electric sector plan and regularly exercise for a variety of emergency situations that could impact their ability to provide electricity. In the last two years alone, there have been many incident response exercises, including several national-level exercises:
- National Level Exercise (FEMA, May 2018) tested the ability of all levels of government, private industry, and nongovernmental organizations to protect against, respond to, and recover from a major mid-Atlantic hurricane.
- GridEx IV (NERC, November 2017) gathered more than 450 organizations and 6,500 participants from industry, government agencies, and partners in Canada and Mexico.
- Cyber Guard (DOD/NSA, June 2017) was a weeklong exercise that tested the response capabilities of energy, IT, transportation, and government experts to a major cyberattack.
- FEMA Region III (FEMA, May 2017) conducted a power outage exercise that focused on how Federal, state, and local emergency managers would work with the electricity industry to respond to a physical/cyber-attack on the mid-Atlantic region’s energy grid.
The Executive Order calls for the Federal Government to provide incentives to private-sector partners to encourage innovation that strengthens critical infrastructure against EMPs. It also calls for pilot programs, deliberate and close coordination with private sector, and with an awareness of cost is well stated, and, hopefully, will be so executed.
Read more here.
Originally posted on Your Survival Guy.