The largely unknown amount of Chinese-made equipment within the North American grid is a threat to national security, experts warned during a Thursday congressional hearing that explored cybersecurity vulnerabilities within the electric sector.
Witnesses from the Department of Energy and private sector testifying during the Senate Energy and Natural Resources Committee echoed a sentiment increasingly heard in Washington that a longstanding dependence on Chinese technologies and cheap components is now an alarming national security issues for U.S. critical infrastructure.
“I think determining the Chinese origin … of crucial parts of the electric system … is a hair-on-fire urgent matter,” said Sen. Angus King, I-Maine. “That is an enormous opportunity for malicious activity.”
The hearing comes as the U.S. grid is undergoing a dramatic digital transformation and new pressure from the Biden administration for green energy generation. But experts warn that these new technological advancements — whether the necessary technology comes from China or elsewhere — could introduce new vulnerabilities into sensitive networks.
Still, experts seemed most concerned about finding and potentially replacing the Chinese technology that has long been inside the networks and facilities that keep the lights on across the U.S.
Puesh Kumar, director of the Energy Department’s office of Cybersecurity, Energy Security, and Emergency Response, or CESER, said that “we really need to be focused on the China threat when it comes to the critic equipment, both hardware and software that is deployed across the United States.”
He said DOE is working to understand which critical components inside grid systems could have a “debilitating” impact. The department is also looking into what sub-components are manufactured in China and working with national labs to test various equipment for vulnerabilities. “The hard part about some of these questions is, at the top level it looks like an American manufacturer or a friendly country. That’s why … the sub-component level is where it gets a lot harder. So our focus is really looking at all of that equipment.”
The hearing also comes shortly after members of the committee introduced two energy cybersecurity-focused bills.
One from Chairman Joe Manchin, D-W.Va., and Sen. Jim Risch, R-Idah0, would codify DOE’s Energy Threat Analysis Center, which is a current pilot program for increased public-private information sharing.
Kumar made the case for greater information sharing during the hearing. “We are all seeing our own cyberthreats in our own spaces, but we’re not connecting the dots. We’re not seeing: if this is happening out west, is it also happening out east? How do we connect those dots with what we learned from private sector networks and cyber technology companies with the intelligence community?”
Ranking member Sen. John Barrasso, R-Wyo., introduced a bill that would return the head of the CESER to a Senate-confirmed position. Energy Secretary Jennifer Granholm turned the role into a nonpolitical, non-Senate confirmed position in part due to frequent changes in CESER leadership.
Robert M. Lee, co-founder and CEO of industrial cybersecurity firm Dragos, said that he was “surprised the position wasn’t elevated. It absolutely has caused them to be sidelined in some meetings and titles matter in government whether we like it or not.”
Kumar said that he has access to the resources he needs.
The post Dependence on Chinese-made tech threatens grid, experts warn appeared first on CyberScoop.