FERC Chairman Jon Wellinghoff urged the White House or Congress to empower a federal body to respond to cybersecurity threats to the electric grid.
“[FERC electric reliability director Joe McClelland] and I have been saying this — I’ve been saying this before I was chairman — that nobody has adequate authority with respect to both the electric and [natural] gas infrastructure in this country regarding known threats and vulnerabilities,” Wellinghoff said Wednesday at a National Press Club event hosted by IHS Energy Daily.
The power to respond to cyberattacks could be given to agencies such as FERC, the Energy Department or the Department of Homeland Security, he said, but a White House “cyber czar” could also be an option.
“I don’t care who has the authority, just give it to somebody so we can do something,” he told reporters. “The Congress should give someone the authority.”
Wellinghoff said FERC receives periodic reports on cyberthreats that “are very concerning to me.”
“If I had a cyberthreat that was revealed to me in a letter tomorrow, there’s little I could do the next day to ensure that that threat was mitigated effectively by some action by the utilities that were targeted,” he said. “Number one, I don’t have an effective way to confidentially communicate it to the utilities. And number two, I have no effective enforcement authority.”
Last week, FERC released a report countering allegations of improper standards for cybersecurity at electric utilities. But the agency also spelled out its own limited power, noting that the Federal Power Act “leaves a gap with respect to ensuring the security of the bulk-power system against fast-moving cybersecurity threats.”