Gerry Cauley, chief executive officer of the North American Electric Reliability Corp. (NERC), said that industry needs to have access to real-time information on cybersecurity threats that the US government possesses. The NERC is an industry-sponsored organization that develops cybersecurity and other standards for the electricity industry.
“The electric industry is in the best position to understand the impact that a particular event or incident could have on the [power grid], but they do not have the same access to actional intelligence and analysis that the government does. This lack of information leads the industry to be, at best, a step behind when it comes to protecting against potential threats and unknown vulnerabilities”, Cauley told the House Armed Service Committee’s subcommittee on emerging threats and capabilities in written testimony.
The NERC head expressed frustration with the US government in terms of sharing information about cyber threats. “Too often, we have heard from government agencies that the threats are real, but are given little or no additional information. This leads to frustration among the private sector leaders who are unable to take fact-based responsive measures due to ill-defined and nebulous threat information.”
Cauley stressed that there must be greater cooperation between the government and industry to keep US critical infrastructure safe. “Increasing information sharing and growing trusted relationships between government agencies and the private sector organizations can go a long way in improving the overall security posture of our critical infrastructure.”