Opening Statement – May 5, 2011
Cyber Security in the Electric Sector
“Good Morning. Today’s hearing is devoted to cyber security in the electric sector.
“The safety of the North American power system is critical to the nation’s economy and to our security. Today, that power system includes over 200,000 miles of high-voltage transmission lines, thousands of generating facilities and millions of digital controls. Each year, we upgrade and expand the system, adding more miles of transmission lines, new supply resources, and control devices. As we upgrade and expand the nation’s electric system, we also are modernizing that system. Information technology and communications systems have come to play a significant role in ensuring the reliability and security of the electric sector. While modernization allows us to achieve a variety of important economic and environmental objectives, it also introduces new security concerns. And as this process unfolds, preserving and enhancing the cyber security of our electric infrastructure must be among our top priorities.
“So, let me highlight two things. First, the electric sector is already subject to a set of mandatory and enforceable cyber security standards that are developed by industry stakeholders and approved by the Federal Energy Regulatory Commission. This fundamentally distinguishes the electric sector from virtually all other critical infrastructure sectors. However, I do not believe that the existing suite of reliability standards, and the process for developing them, is sufficient to defend electric infrastructure against deliberate cyber attacks and to address system vulnerabilities. The new authorities contemplated in the Discussion Draft that we’ve circulated fill these gaps in a way that, in my view, complements current cyber security standards.
“The second point I wanted to make is that today is almost exactly two years to the day since our cyber security hearing in the 111th Congress. In fact, we are fortunate to welcome many of the same witnesses. The draft legislation we are discussing today is very similar to the legislation we discussed in 2009. It recognizes positive changes in the standards development and approval processes. However, in the time since our last hearing, the security environment has also changed and certainly much more quickly. Cyber-related threats can arise virtually anytime and anywhere, and change without warning. For these reasons, we should not delay in acting to enhance the cyber security of our electric system.
“I note that this is not the only Committee in the Senate working on cyber security issues. I welcome the opportunity to work closely with other Committees to ensure that the product of this Committee’s efforts works seamlessly with the proposals coming out of other Committees’ work.”
# # #