A federal agency should have the lead role in securing the critical infrastructure, MIT researchers said, but they did not state whether that agency should be Homeland Security.
A
single federal agency should be in charge of defending the nation's critical
infrastructure from cyber-attacks, and not the patchwork of organizations
currently in charge, according to researchers from the Massachusetts Institute
of Technology.
In
a 268-page report on the
future of the United States electric grid through 2030 released Dec. 5, a
team of MIT researchers recommended that a single federal agency have the
appropriate regulatory authority to be responsible for cyber-security
preparedness, response and recovery. The report looked at ways to safeguard the
power grid, the need for utilities to switch to smart meters and improve the
grid's efficiency, and funding for research and development to develop
procedures for responding to cyber-attacks, among other things.
Cyber-attacks
will happen, but a single agency would be better able to address the problem
rather than several federal, state and local entities responsible for various
parts of the grid trying to coordinate with each other, the researchers wrote.
Such a mishmash of organizations are not working together, even though
cyber-security regulations for bulk power systems already exist. However, the
researchers noted that local distribution utilities are not subject to these
regulations.
"This
lack of a single operational entity with responsibility for grid cybersecurity
preparedness as well as response and recovery creates a security vulnerability
in a highly interconnected electric power system comprising generation,
transmission, and distribution," the researchers wrote.
No
single agency has responsibility and authority for the entire grid, although
the Obama administration and members of Congress have stated that the
Department
of Homeland Security should take the lead role. Other members of Congress
have suggested that the Department of Energy or the Federal Energy Regulatory
Commission should be in charge. There have even been discussions of putting the
Department of Defense in charge.
Gen.
Keith Alexander, head of the National Security Agency and commander of U.S.
Cyber Command, recently said any government action in cyberspace must be led by
the DHS, with regular reviews to ensure that civil liberties and privacy are
protected.
A
new bill that would clearly outline the Department of Homeland Security's role
as the lead federal agency protecting critical infrastructure from
cyber-attacks will be introduced next week, Rep. Dan Lungren, R-Calif.,
chairman of the House Homeland Security's Cyber-security, Infrastructure
Protection and Security Technologies Subcommittee said Dec. 6. He did not
expect the subcommittee to have time to mark it up and approve it before the
end of the year.
Email
Print
