Cybersecurity Improvements Urged

Protection against inside threats and timely communication are two areas of cybersecurity that Congress should consider for helping to improve the defense of the power grid, an electric cooperative leader told U.S. senators.

Duane Highley

Duane Highley

"Critical infrastructure owners and operators understand that the biggest threats tend to be those that are hardest to identify—the insider threat," said Duane Highley, president and CEO of Arkansas Electric Cooperative Corp. of Little Rock.

"We urge Congress to consider legislation giving the FBI the statutory authority to assist industry with fingerprint-based, criminal and terrorist database background checks for industry-determined personnel that perform critical functions. This would assist industry in further mitigating risks in a way we cannot accomplish at the local and state levels."

Highley testified April 4 before the Senate Energy and Natural Resources Committee on behalf of AECC and NRECA. He serves as co-chairman of the Electricity Subsector Coordinating Council, a public-private partnership for critical infrastructure owners and operators on cybersecurity policy issues.

When a utility in the Ukraine saw its operating system come under the control of a hacker that shut it down in December 2015, the federal government shared information with U.S. utilities but not until after it had been received through other channels, he told the lawmakers.   

"While the content of the classified and unclassified information from the government was very helpful, the timeliness of getting specific, actionable information to industry must be improved so that we can respond as quickly as possible," Highley said.