Federal and the state governments should emphasize planning for recovering after a cyberattack rather than focusing so much on preventing the attacks, the commander of Washington National Guard’s cyber unit has told a Senate committee.
Washington state is trying to integrate cybersecurity into its plans for responding to emergencies, Col. Gent Welsh told the Senate Energy and Natural Resources Committee on Tuesday.
“The (Washington) National Guard is working with Department of Homeland Security and Federal Emergency Management Agency on developing specifications for actual cyber response teams that can be deployed to help industry,” he said.
His unit, the 194th Wing of the Air National Guard, is the guard’s first non-flying operational wing and has more 1,000 citizen-airmen executing missions in the cyber domain, according to the guard’s official website. Many work in sectors of critical infrastructure, such as utilities, Welsh said.
The committee hearing was aimed understanding if energy delivery systems are secure against cyber threats.
“Federal efforts have principally emphasized efforts to prevent cyberattacks, rather than anticipate response considerations,” Welsh said. He said his unit is working with Washington state on how to respond to attacks.
Key to that planning is realizing that while a cyber attack starts in the virtual world, it’s likely to have physical impacts – on pipelines, electric grids or other critical infrastructure.
“When a pipeline blows up, people are going to be affected,” Michael K Hamilton, founder of Seattle-based Critical Informatics Inc. and a former policy adviser for Washington state, said in a telephone interview.
The National Guard is also working closely with the private sector, Welsh said. Eighty-five percent of U.S. national critical infrastructure is privately owned. “The private sector will need help when something bad finally happens,” Welsh said.
The state also has established the Public Regional Information Security Event Management to share cyber security information among governments, hospitals, utility companies and other private sector players.
Hamilton noted that the state also has “lots of grassroots initiatives – lots of volunteering work of people and businesses in Washington state, that are putting out programs without state support.” He said they address local issues such as 911 services.
During the Senate hearing, a number of energy industry representatives said that the Energy Department should make it easier for companies to get adequate security clearances so they can share information with each other and the government about cyber attacks.
Welsh echoed the position, saying “there can be no partnership without access.”
In an interview after the hearing, he noted that states need to nominate more energy sector officials to receive the federal clearances.