A Department of Energy exercise last year found shortcomings in the way that federal, state and local governments would work with industry to respond to a major cyber incident affecting energy infrastructure on the East Coast.
The results of the “Liberty Eclipse” energy assurance exercise in December are catalogued in a report released by the department on Tuesday, which offers a series of recommendations for the federal government to improve its work to protect the electric grid and other energy infrastructure.
The exercise tested how state and emergency management officials would respond to a cyber incident that took out power across seven states in the Northeast and mid-Atlantic regions, affecting 16.7 million customers and components of critical infrastructure.
Through the exercise, federal officials concluded that the Energy Department needs to support state and local governments and industry to improve how they share information in the event of a cyber incident that compromises energy infrastructure. The department should also work with state and local officials and industry to ensure they have the resources to reduce the risk of cyberattacks, the report recommends.
The report also calls on the federal government to “better define its roles and responsibilities for a significant cyber incident and communicate those roles clearly” to state and local governments and industry.
“The cyber incident coordination frameworks at both the state and federal levels need to be further defined and synchronized with industry,” the exercise found. “Information sharing and the ability to communicate remain prime concerns in an energy emergency — regardless of the cause.”
Cyber threats to U.S. critical infrastructure — and the energy grid in particular — have become a point of concern among lawmakers on Capitol Hill. A group of senators is pushing for a pilot program to test for vulnerabilities in the energy sector and research new technologies to secure them.
The private sector owns and operates an estimated 85 percent of critical infrastructure.