Those challenges include:
- A lack of a coordinated approach to monitor industry compliance with voluntary standards.
- Aspects of the current regulatory environment made it difficult to ensure the cybersecurity of smart grid systems.
- A focus by utilities on regulatory compliance instead of comprehensive security.
- A lack of security features consistently built into smart grid systems.
- The electricity industry did not have an effective mechanism for sharing information on cybersecurity and other issues.
- The electricity industry did not have metrics for evaluating cybersecurity.
According to the GAO, the electric power industry is increasingly incorporating information technology systems and networks into its existing infrastructure. This use of IT can provide many benefits, such as greater efficiency and lower costs to consumers, however, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities. GAO has identified protecting systems supporting our nation’s critical infrastructure, including the electricity grid, as a governmentwide high-risk area.
GAO was asked to testify on the status of actions to protect the electricity grid from cyber attacks. Accordingly, this statement discusses cyber threats facing cyber-reliant critical infrastructures, which include the electricity grid and actions taken and challenges remaining to secure the grid against cyber attacks.