{"id":3034,"date":"2024-04-10T17:17:24","date_gmt":"2024-04-10T22:17:24","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80078"},"modified":"2024-04-10T17:17:24","modified_gmt":"2024-04-10T22:17:24","slug":"congress-sounds-alarm-on-lax-dam-cybersecurity","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/04\/10\/congress-sounds-alarm-on-lax-dam-cybersecurity\/","title":{"rendered":"Congress sounds alarm on lax dam cybersecurity"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Congress sounds alarm on lax dam cybersecurity | CyberScoop<\/title> <meta name=\"description\" content=\"Amid concerns of growing cybersecurity risks, the federal office in charge of hydroelectric dam security only has four employees.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/dam-cybersecurity-ferc-congress\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Congress sounds alarm on lax dam cybersecurity\"> <meta property=\"og:description\" content=\"Amid concerns of growing cybersecurity risks, the federal office in charge of hydroelectric dam security only has four employees.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/dam-cybersecurity-ferc-congress\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-04-10T22:17:24+00:00\"> <meta property=\"article:modified_time\" content=\"2024-04-10T22:17:25+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1712698253g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1712258582g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1711866546g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80078\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80078\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fdam-cybersecurity-ferc-congress%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fdam-cybersecurity-ferc-congress%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80078 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/dam-cybersecurity-ferc-congress\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.839171974522\">\n<div class=\"single-article__header-content\" readability=\"29.883408071749\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/government\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> Amid concerns of growing cybersecurity risks, the federal office in charge of hydroelectric dam security only has four employees. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> WASHINGTON, DC &#8211; SEPTEMBER 11: Sen. Ron Wyden (D-OR) speaks with reporters in the Senate subway at the U.S. Capitol on September 11, 2023 in Washington, DC. The House of Representatives is scheduled to return Tuesday following an almost six-week break and lawmakers have only a dozen legislative days left to reach a budget compromise and avert a government shutdown. (Photo by Drew Angerer\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"39.087496549821\"><body readability=\"80.564055299539\"><\/p>\n<p>America\u2019s dams lack the resources to beef up their digital defenses, and the federal agency charged with oversight of the sector is understaffed and behind on performing cyber audits, experts said during a congressional hearing Wednesday.<\/p>\n<p>Experts told the Senate Energy and Natural Resources subcommittee that U.S. dams \u2014 which make up over 50% of private electricity generation \u2014 have not undergone cybersecurity audits by <a href=\"https:\/\/cyberscoop.com\/tag\/ferc\/\">the Federal Energy Regulatory Commission<\/a>, which only has four staffers dedicated to the issue.<\/p>\n<p>\u201cI don\u2019t want to wake up to a news report about a small town in the Pacific Northwest getting wiped out because of a cyberattack against a private dam upriver,\u201d Chairman Ron Wyden, D-Ore., said in his opening statement.<\/p>\n<p>While there are <a href=\"https:\/\/nid.sec.usace.army.mil\/#\/\">91,827 dams<\/a> of varying sizes in the U.S., only 2,500 are under FERC\u2019s authority as non-federal dams with hydropower. Hydroelectric dams provide about 28% of renewable energy in the United States.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cToday there are no minimum standards, no audits of a majority of dams and bad cybersecurity. This is inviting cybersecurity trouble in the Northwest,\u201d Wyden said in his opening statement.<\/p>\n<p>What\u2019s worse, FERC\u2019s cybersecurity requirements have not been updated since 2016. Terry Turpin, director of the office of energy projects at FERC, said that the independent agency plans on updating the requirements once they are through auditing around 70% of the dams by the end of fiscal year 2025.<\/p>\n<p>Under pressure from Wyden, however, Turpin said that the update is \u201cachievable\u201d within nine months.<\/p>\n<p>Like many other critical infrastructure sectors, dams are undergoing a modernization effort. Many were built decades ago, meaning that they lack the digital systems that would expose them to cybersecurity vulnerabilities, said Virginia Wright, cyber-informed engineering program manager at Idaho National Laboratory.<\/p>\n<p>But that is expected to change as systems are modernized and adopt digital technology, which can introduce new vectors of attack if not secured properly, Wright said, noting that many dams have few resources to invest in cybersecurity.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Wright recommended that Congress support vulnerability assessments in the U.S. hydroelectric fleet and develop guidance for known weaknesses in digital systems for hydropower.<\/p>\n<p>Wright also argued that modernization is an \u201cexcellent opportunity\u201d to use cyber-informed engineering methods that would build in protections from the worst-case scenarios of a cyber-physical attack.<\/p>\n<p>\u201cCyber-informed engineering asks the engineers who design and operate infrastructure systems to develop engineering controls, which can mitigate the worst consequences that could be caused, even if adversaries penetrate digital defenses and gain control of operational technology,\u201d Wright said in her opening statement.<\/p>\n<p>Concerns over dam cybersecurity are not new. A 2021 <a href=\"https:\/\/www.oig.dhs.gov\/sites\/default\/files\/assets\/2021-09\/OIG-21-59-Sep21.pdf\">report<\/a> from the Department of Homeland Security Office of Inspector General found that the Cybersecurity and Infrastructure Security Agency needs to do more to protect the sector. CISA is the sector risk management agency for dams, and the report found that there is little coordination, tracking, managing or evaluating of its work to oversee dams.&nbsp;<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.3896457765668\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/congress-sounds-alarm-on-lax-dam-cybersecurity-1.jpg?w=640&#038;ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&amp;E News at POLITICO covering cybersecurity in the energy sector. Reach out:&nbsp; christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/dam-cybersecurity-ferc-congress\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Congress sounds alarm on lax dam cybersecurity | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[413,1853,1854,117,873,1210,874,439,1180],"tags":[415,1855,1856,119,875,1211,876,443,1182],"class_list":["post-3034","post","type-post","status-publish","format-standard","hentry","category-critical-infrastructure","category-cyber-informed-engineering","category-dams","category-government","category-ics","category-idaho-national-laboratory","category-operational-technology","category-policy","category-ron-wyden","tag-critical-infrastructure","tag-cyber-informed-engineering","tag-dams","tag-government","tag-ics","tag-idaho-national-laboratory","tag-operational-technology","tag-policy","tag-ron-wyden"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-informed-engineering\/\" rel=\"category tag\">cyber-informed engineering<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dams\/\" rel=\"category tag\">dams<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ics\/\" rel=\"category tag\">ics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/idaho-national-laboratory\/\" rel=\"category tag\">Idaho National Laboratory<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/operational-technology\/\" rel=\"category tag\">operational technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ron-wyden\/\" rel=\"category tag\">Ron Wyden<\/a>","tag_info":"Ron Wyden","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3034"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3034\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}