CyberScoop reports that significant cybersecurity gaps in dams across the U.S., which account for more than 50% of private electricity generation in the country, have been emphasized during a Senate Energy and National Resources subcommittee hearing.
None of the U.S.'s dams have ever been subjected to Federal Energy Regulatory Commission cybersecurity audits, according to experts, who noted that the agency only has four staffers dedicated to such a task. FERC has also not updated its cybersecurity requirements since 2016 although FERC Office of Energy Projects Director Terry Turpin committed to modernizing such requirements within nine months after pressure from subcommittee Chair Ron Wyden, D-Ore.
Such cybersecurity lapses should prompt Congress to advance vulnerability assessments across the country's hydroelectric infrastructure, as well as cyber-informed engineering approaches, said Idaho National Library Cyber-Informed Engineering Program Manager Virginia Wright.
"Cyber-informed engineering asks the engineers who design and operate infrastructure systems to develop engineering controls, which can mitigate the worst consequences that could be caused, even if adversaries penetrate digital defenses and gain control of operational technology," said Wright.