Oct 22, 2015 - 1:00pm

How CISA Keeps Our Businesses Secure, Your Lights on, and Terrorists at Bay

Former Executive Director, Communications & Strategy



The Islamic State has started hacking the U.S. energy grid, attempting to carry out cyberattacks that would cripple parts of our country’s electricity supply. So far, the attempts have been futile, but that may not be the case for long.

"Strong intent. Thankfully, low capability," John Riggi, a senior FBI official, recently told CNN about the attempts. "But the concern is that they'll buy that capability."

The FBI warned that ISIS hackers could soon have their hands on malicious software that could be used to strike energy companies and fuel refineries, which could deal a massive blow to our economy. The University of Cambridge’s Centre for Risk Studies released a study earlier this year suggesting the toll of an attack on the U.S. electric grid alone could exceed $1 trillion.

“An attack on power companies could disrupt the flow of energy to U.S. homes and businesses,” the CNN story points out. “And it's not just Islamic extremists. There's an equal threat from domestic terrorists and hate groups.”

The FBI isn’t the only one concerned about our vulnerability to such a breach. The Edison Electric Institute (EEI), which represents electric companies that provide power to 220 million Americans, published a blog post this week warning that its members are trying to share cyber-related information with one another and with the government, but that those efforts are hindered by our nation’s laws.

“Electric companies work closely with each other and with the federal government to protect their computer networks and critical assets,” the group explained, noting that its members “and the government continuously share cyber threat indicators (CTIs) - the tactics, techniques, and procedures used by malicious actors to compromise their victims' computer networks - in order to protect the personal information of customers and to strengthen the security and resiliency of the electric grid.”

The problem is that those threat indicators aren’t being shared quickly enough.

“It is not anywhere close to where it needs to be in order to keep pace with our adversaries,” EEI wrote in the post. “The sharing of information needs to be faster, more actionable, and more efficient.” In order to facilitate that type of collaboration, though, the group says “companies need more structure and legal certainty around the sharing of CTIs in order to protect themselves, the personal information they maintain, and their networks, systems, and assets from future cyberattacks.”

That’s precisely why electricity companies and so many other energy suppliers support the Cybersecurity Information Sharing Act (CISA). Nearing a vote in the U.S. Senate, CISA would provide much-needed protection for companies that volunteer to share cybersecurity-related information with other business leaders or government officials. With those protections in place, the business community can much more effectively work together to protect against, detect and respond to cyberattacks.

“This legislation will knock down barriers to cybersecurity monitoring and information sharing that hinder companies with even the best of intentions,” Governor Tom Ridge, chair of the U.S. Chamber of Commerce’s National Security Task Force, said earlier this year after CISA was approved by the House. “Improved information sharing helps both businesses and our government partners bolster their defenses against cyberattacks.”

That includes businesses in the energy sector, which work every day to keep our lights on, our businesses productive, and our country moving.

“As owners and operators of critical infrastructure, electric companies understand that a safe and reliable flow of electricity is critical to our nation’s security and to the well-being of all Americans,” the group explained. “That is why EEI and its member companies strongly support the bipartisan Cybersecurity Information Sharing Act.”

Unless lawmakers prefer to work in the dark, or unless they want to give terrorists another avenue with which to attack America, Congress should support CISA, too.

Tell Congress to Protect America's Cyber Networks

More Articles On: 

About the Author

About the Author

Former Executive Director, Communications & Strategy

J.D. Harrison is the former Executive Director for Strategic Communications at the U.S. Chamber of Commerce.