Building Relationships, Trust, Keys to Public/Private Cyber Security Alliances

Government, military, industry and regulatory speakers emphasized the importance of relationship-building in forming public/private bulwarks against the threat of cyberattacks at an expert panel at PJM’s Grid 20/20: Focus on Security and Resilience.

“The hard part is that when you look at physical and cyber threats, they are not always obvious, and that creates all kinds of unique challenges,” said Jonathon Monken, PJM’s senior director of System Resiliency and Strategic Coordination, in kicking off the day’s second of three panels, “Cyber and Physical Security.”

Participants were Tim Blute, program director for Homeland Security and Public Safety Division, National Governors Association; Col. Victor Macias, U.S. Air Force, National Guard Bureau; Laura Ritter, lead security policy adviser for Security Governance and Risk, Exelon; and Bill Lawrence, senior director of Electricity Information Sharing and Analysis Center for the North American Electric Reliability Corporation.

“One of our goals is raising awareness at the state level that this is an issue that needs to be a top priority and has to be a topic of outreach to the private sector,” Blute said.

The governors association is trying to increase state focus on developing emergency response plans around cybersecurity.

“We want them to reach out into the electric sector and bring them into the planning process,” Blute said.

“This is a top-line issue for governors,” he said. “This is the issue that keeps them up at night – what if they wake up and residents don’t have access to electricity or other critical infrastructure because of a cyberattack.”

Macias, of the National Guard, also emphasized the importance of relationships and information-sharing.

“At the end of the day, this is all going to come down to trust and the ability to partner with local units in your locations so we can discuss what is within the realm of the possible,” he said.

By 2019, the Guard expects to have 3,800 “cyber defenders,” about 70 percent of whom also will hold civil employment.

“As our nation invests significant resources into preparing them, they return to home communities, where they are more cognizant of what a threat looks like when they need to raise the flag,” Macias said.

Laura Ritter, lead security policy adviser for Security Governance and Risk, Exelon, also highlighted the need to have good people in place to plan for mutual assistance.

“Leveraging intelligence is huge in what we do every day, coordinating externally among other utilities and with our regulators,” she said. “We are ever evolving, ever getting deeper and deeper, and it comes down to finding the best people that we can – and we know everyone is trying to fight for the best people.”

She added that collaborative aspect does not have to wait to start until there is a threat on the horizon, she said.

Similarly, Bill Lawrence, senior director of Electricity Information Sharing and Analysis Center for the North American Electric Reliability Corporation, said his group’s mission is to reduce cyber and physical security risk through collaboration.

E-ISAC allows industry information to be shared without risking regulatory enforcement consequences.

“We can build that voluntary information-sharing, and it won’t get them audited or have negative compliance-related enforcement,” he said. “If you require reporting, you’re just going to get the minimum. It all comes down to trust.”

Lawrence also offered a positive note.

“The industry is pretty darn good. We have much better internal dialogue going on,” he said. “We’re not resting easy, but we’re not one mouse-click away from the grid going off. We’re not as bad as the fear-mongers out there would like you to believe.”