In this blog post I want to explain what the Grid Resilience for National Security (GRNS) subcommittee is and some thoughts that I have on the role of the committee in our broader electric system community. I will try to demystify and add context to what these types of committees are as well.
The Department of Energy (DOE) serves many roles and responsibilities across the broader energy community not only in the electric sector but also in the oil and gas communities. As a federal government agency, it is also the sector specific agency for the energy sector, i.e. the agency on tap to be the face to the community from the US government and help where they can. I have always been a huge fan of the Department of Energy and its numerous missions that help secure national security while just generally being good community members.
To help guide its mission the DOE created the Electricity Advisory Committee (EAC) which is staffed by industry experts. Each are appointed by the Secretary of Energy and become government employees with various focus areas. The EAC looks at everything from storm reliability to grid storage discussions and recommends to the various DOE leaders courses of action and focus that could be of use to the energy community and the broader US. The DOE then reviews and actions amongst its many mission leaders and focus areas.
I was appointed to the EAC earlier this year and its been a fascinating view into timely discussions with true partnership from the DOE representatives. I am generally opposed to the creation of new government agencies, coordination groups, etc. as a panacea for problems. This is especially true on the topic of cybersecurity where I have been fairly critical on the role and responsibilities of government as it comes to cybersecurity and the necessity to engage asset owners and operators as well as the private sector better as partners. What makes the EAC stand out to me though is it is not a government agency with billions of dollars of taxpayer funding that’s meant to solve everything. Instead, the positions are unpaid, everyone there is volunteering their expertise, and the conversations are all collaborative and try to help government break the group think that can form in any large organization.
The DOE has continually recognized cybersecurity as an important national security topic especially for electric systems. Not just the Enterprise information technology (IT) environments but critically the industrial control systems (ICS) or broadly the operational technology (OT) parts of the electric system. That is where the real risk is and what we all need to focus more on beyond regulation.
The DOE, as a result of this sharpening focus, looked to identify critical electric infrastructure (CEI) and defense critical electric infrastructure (DCEI) as defined by the Federal Power Act and amplify its partnership and resourcing of those private sector and public companies that are on the list. Its an important clarification to state: everything is critical. The small local distribution grid to your hometown is critical to the people it serves. An attack against it could have impacts far beyond what we anticipate not just in larger cascading issues but more realistically in American citizen confidence and in emboldening our strategic adversaries. But the US government cannot pretend that everything is critical to it. It must focus if it is to achieve any level of success with its partners and its limited resources. The focus of CEI and DCEI asks the hard-hitting questions of: what’s most critical? And what’s our role in helping those companies?
Beyond just the DCEI the DOE also has a need to understand threats that are over the horizon and how to develop strategies that play to everyone’s strengths to protect our country. As a result, the DOE has established a new subcommittee to the EAC. This inaugural committee is staffed with some truly passionate and committed leaders from around the energy sector including electric and oil and natural gas.
The subcommittee will be chaired by Dr. Paul Stockton. Paul is an exceptional leader and drenched in critical infrastructure security through a career working at various levels of the government from a Legislative Assistant in the US Senate to the Assistant Secretary of Defense for Homeland Defense. He has also consistently been involved in our energy community and held positions on advisory boards for Idaho National Laboratory, the Center for Cyber and Homeland Security Studies at the George Washington University, and as a Senior Fellow at the Johns Hopkins University Applied Physics Laboratory. To say it lightly Paul is a smart dude. More importantly to me, the late and great Mike Assante always told me Paul was someone to trust. That is all I ever needed to know his caliber.
I am proud to announce that I have been selected as the vice-chair of the committee. My time in government was at the lower levels (I exited as a Captain in the US Air Force after spending my young career at the National Security Agency) but my entire career has been focused on those ICS and OT systems that we are all so rightfully focused on. More importantly, the ICS/OT cybersecurity community and the broader industrial community across energy, manufacturing, rail, mining, water, and more have always been gracious to allow me to be a member of the community. I say all that to stress what Paul and I are bringing to this subcommittee filled with experts and passionate folks: the community approach.
We have a big charge for the GRNS subcommittee. And we need to ensure it’s not just “yet another committee” that doesn’t achieve it’s goals. We are going to be laser focused on accomplishing one or two things at a time instead of boiling the ocean. But the most important focus here is on the community. It is my opinion that the US energy community particularly does not get the credit it deserves when it comes to their investment and partnership. You need to look no further than the Electric Sector Coordinating Council and the amazing work done there as a CEO led organization in partnership with the Department of Homeland Security and Department of Energy to see what all these electric companies give up in time and focus to dedicate towards the national security mission.
Can we do more as a community? Yes. But does the community do more than it gets credit for? By far. I see it as our role on the GRNS to not only push the community forward by advising the DOE on cybersecurity focused topics for our electric system but to also highlight the amazing work done by our energy community. It is my goal that this subcommittee truly embraces its unique role in partnership to ensure we are talking with the electric system players, not at them.