EXCORIATES INADEQUATE CYBER SECURITY ENFORCEMENT

U.S. Rep. Bill Pascrell, Jr. (D-NJ-08) excoriated the North American Electric Reliability Corporation (NERC) during a Homeland Security subcommittee hearing for deliberately and repeatedly providing false information designed to mislead the Homeland Security Committee about its efforts to protect the electric grid.

“I am not convinced that the organization tasked with protecting the electric grid is taking cyber security seriously,” stated Pascrell.  “NERC has repeatedly misled this Committee and lied to Congress to cover up a gaping hole in America’s security.”

During the hearing, Pascrell took issue with the vulnerability of America’s electric grid to a cyber attack, which could cause catastrophic losses of power for extended periods of time.  The magnitude of this vulnerability, called the ‘Aurora vulnerability’ stems from the fact that it can be exploited through the internet if specific devices are made accessible online, an action that occurs regularly.

“America’s current economic trouble would be a stroll in the park compared to the long term damages our economy would sustain if a cyber attack was launched on the electric grid,” stated Pascrell.  “It is an outrage that in these times of heightened security any number of skilled hackers could bring the mightiest economy in the history of the world to its knees with a few clicks of a mouse.”

In 2006 NERC was certified to be America’s “electric reliability organization” by the Federal Energy Regulatory Commission (FERC) and made responsible for the reliability and security of the United States’ electric grid.  During an October 2007 Homeland Security Committee hearing, NERC reported that 75 percent of the transition grid was in the process of implementing mitigation efforts against the Aurora vulnerability.  It was later learned that there was no hard data on which NERC reported their results and that surveys to collect data on the Aurora vulnerability mitigation efforts had not even been issued until after the hearing.  NERC again misled the Committee by reporting that industry data regarding the Aurora vulnerability was collected during a September 2007 meeting in St. Louis.  It was later revealed by attendees of the meeting that no discussion concerning mitigation efforts occurred.      

“NERC will be on a very short leash until it can prove it is adequately protecting our security interests.  I will continue working with the Committee to ensure Congress is being provided honest information and the highest quality of protection for America’s critical homeland security infrastructure,” concluded Pascrell.

###