Utilities, energy companies, lawmakers and government agencies must work together to reinvent national security, particularly in light of growing threats to electric grids, telecommunication networks and financial systems, Southern Co. Chairman, President and CEO Tom Fanning said June 10.
"Eighty-five percent or better of the critical infrastructure in America is owned by the private sector," Fanning said during a June 10 panel called "A Sprint to Secure the Grid" at the Edison Electric Institute's 2021 annual conference. "This idea that somehow [the U.S. Department of Defense] can fight the battles on somebody else's beaches no longer applies. The two oceans don't protect us."
Even before the Colonial Pipeline Company ransomware attack, the Biden administration on April 20 launched a 100-day plan aiming to protect electric infrastructure from persistent and sophisticated cyberattacks.
Fanning outlined several major steps needed to help secure electric systems in the United States, including shaping behaviors and establishing consequences for threats and attacks.
"There really isn't a good sense of diplomacy in the cyber realm," Fanning said, adding that the U.S. will need to create that, setting expectations "using the full force of the government" including the Treasury, Commerce, State and other departments. Then "impose costs," Fanning said. "If the bad guys come after us, there has to be an eye for an eye or better ... We want to make sure that the bad guys understand there will be consequences for messing with us."
Federal and state agencies already partner with energy companies on physical dangers such as storms and wildfires, but now those groups are working together to combat cyber threats, Fanning and Berkshire Hathaway Energy President and CEO Bill Fehrman said. Fehrman is one of the leads on the administration's 100-day plan and both CEOs have been involved in other federal efforts.
"Really the intent of this is to take this 100 days and do an incredible sprint so that we can get the industry up to speed on technologies that have the capability of monitoring our [operational technology] networks and then sharing that information with our government partners," Fehrman said. "Having a foundational system that can collect [operational technology] data, get it to the government and ultimately get it into the hands of the intelligence agency to quickly analyze that ... is really going to expedite our defensive posture and our ability to hunt and block the bad guys from getting into our networks."
The Colonial Pipeline attack was the trigger mechanism for some of these new efforts, Fehrman said. Now, representatives from the energy sector and government have identified technologies such as the Dragos industrial cybersecurity system that will work to help protect critical infrastructure and are pushing to bring companies on board, Fehrman added.
"Hopefully at the end of the 100 days we'll have enough people signed up that, much like our [Corporate Human Resources Information System], we will be able to cover 80% to 85% of the customers in the U.S.," Fehrman said. "We cannot operate in a silo."