In the 2015 novel “Ghost Fleet,” the U.S. is challenged in a future war by a technologically savvy enemy. The enemy exploits the cybervulnerabilities in a U.S. military that grew overly reliant on weapons platforms that were reliant on the latest computer and networking tech. Left nearly defenseless, the U.S. comes to realize that it must rely on long-retired, technologically simpler and ultimately more dependable weapons system to fight back.
Although this troubling story is fiction, the threat is real, and the military is not the only sector facing such serious dangers. Some critical energy systems in the U.S. are connected through complex and vulnerable digital technologies as well.
Increasingly automated and complex control systems are essential to the everyday infrastructures that provide everything from the basic necessities of modern life, including communication, navigation and manufacturing, to critical functions of national security. Protecting these systems is one of our most pressing security challenges. In short, while the rapid, worldwide adoption of digital automation technologies has created many benefits, it has also introduced significant cybervulnerabilities to critical infrastructure that must be addressed.
To that end, I recently introduced bipartisan legislation to safeguard the U.S. from these potentially catastrophic threats. This legislation would launch a coordinated effort to help protect these infrastructures from the vulnerabilities inherent in a connected and highly interdependent world. It seeks to identify better ways to protect the country’s critical control systems — those systems that support some of the most important energy sector processes.
A principal goal of the pilot program established by this bill is to identify ways to reduce some of the digital complexity in our critical infrastructure, thereby limiting opportunities for cyberattacks and improving our ability to defend those systems. For example, by replacing vulnerable digital/technologically advanced operating systems — found within many critical infrastructure elements — with far simpler analog devices and/or manual processes and procedures, we can hinder sophisticated cyberenemies. This will require that our nation shift from simple applications of complex technologies to applying new thinking on simple, but more secure and robust solutions.
One of the benefits of less dependence on automation and digital technology in critical infrastructure was revealed in a December 2015 cyberattack against Ukraine’s power grid. The sophisticated attack left more than 225,000 people without power for several hours. Subsequent investigations suggest Ukraine was saved from a much greater impact by operating its grid in manual modes when digital systems could not be trusted.
I’m proud that the solutions to many of these security challenges are being developed in Idaho at the Idaho National Laboratory. INL is a world leader in critical infrastructure and control systems security research — its unique assets and expertise will help drive the innovations this legislation aims to achieve. Leading the reinvention of critical infrastructure security, the lab is developing techniques that can account for both physical and cyberthreats. Along with its national lab, industry and academic partners, INL’s efforts integrating stakeholders and optimizing U.S. investments help enable the nation to achieve a sustainable advantage in critical infrastructure and control systems security.
By encouraging this research, I am working to ensure the U.S. never faces a day where reliance on technology leaves our critical energy infrastructure defenseless against its adversaries.
Jim Risch is a Republican United States senator from Idaho.