Manchin, Energy Committee Consider Efforts To Improve Cybersecurity For The Energy Sector

August 5, 2020

To watch a video of Senator Manchin’s opening remarks, please click here.

To watch a video of Senator Manchin’s questioning, please click here.

Washington, DC – Today, the U.S. Senate Energy and Natural Resources Committee held a hearing to examine federal and industry efforts to improve cybersecurity for the energy sector. U.S. Senator Joe Manchin (D-WV), Ranking Member of the Committee, addressed concerns over security threats to America’s energy infrastructure in the midst of a global pandemic.

“The COVID-19 crisis has made our nation – and the world – acutely aware of the consequences of being underprepared for a catastrophic event. The pandemic has forced the energy industry to adapt to new challenges and vulnerabilities with more employees working remotely. There are certainly lessons to be learned from this moment in history about the need to invest in protections to avoid, mitigate, and respond to events that challenge our grid’s resilience, and thereby our national resilience. You all know well that threats to critical infrastructure are serious and increasing. Legacy grid systems were not designed to defend themselves against modern cyberattacks and, as they grow more and more connected to the internet, our electric systems grow more and more vulnerable,” Ranking Member Manchin said.

Ranking Member Manchin also highlighted the challenges that grid operators, like PJM, face in identifying potential security vulnerablilties and what needs to be done to improve collaboration on various cybersecurity and critical infrastructure protection initiatives.

“As the largest grid operator in the country, I appreciate that PJM takes cyber security seriously. The states and utilities that make up the PJM service territory, including West Virginia, vary a lot in their ability to address and get ahead of cyber grid threats, leaving an important role for PJM to make sure the system isn’t made vulnerable by any one actor. Are you all able to run scenarios that you can test to see if they’re up to your standards, even if they’re reporting they are? Do you do cyber tests to see if you’re able to get into their system or basically show they have still some vulnerabilities,” Ranking Member Manchin asked.

“No, we do not do that. That’s something that we don’t feel is in our jurisdiction based on how we operate. We do collaborate a lot with the members but we don’t do that,” said Mr. Thomas F. O'Brien, Senior Vice President and Chief Information Officer, PJM Interconnection. “Let me clarify, we do extensive red teaming and penetration testing on our own­ systems. What we don’t do is red teaming and penetration testing on our member company’s systems, where data flows into us.”

Ranking Member Manchin indicated he would follow up with PJM and other entities involved such as NERC to ensure there are adequate opportunities for security testing throughout the system.

The hearing featured witnesses from the Department of Energy, Federal Energy Regulatory Commission, Siemens Energy, Inc., and PJM Interconnection. To read their testimony click here.  

To watch the hearing in full, please click here.