February 14, 2012

Cyber Security and the Electric Grid in the FY 2013 Budget

Yesterday President Obama delivered his Fiscal Year (FY)
2013 budget request to Congress. We’ll spend the next few days digging through
the relevant agencies to highlight some of the requests related to programs
that touch on our natural security work.

I thought we’d kick off the week by looking at cyber
security, given that it is an issue that touches on our energy work, specifically
with respect to smart and micro grid technologies. We have been quiet on the
cyber security front in recent months, but our interest has not abated. Nor has
the Obama administration’s, which will continue pushing cyber security spending
in the president’s FY 2013 budget.

Let’s
begin with the Department of Defense (DOD). Like last year, DOD announced that one
of its strategic goals is to reduce its vulnerability with respect to the
electric grid. According to the DOD overview, the department strives to “Protect
critical DoD infrastructure and partner with other critical infrastructure
owners in government and the private sector to increase mission assurance
.”
To accomplish this, the department has set a priority goal that “By
September 30, 2013, the DoD will attain a passing score on a comprehensive
cybersecurity inspection that assesses compliance with technical, operational,
and physical security standards, on an overwhelming majority of inspected military
cyberspace organizations resulting in improved hardening and cyber defense
.”
Meeting this goal would presumably reduce DOD’s vulnerability to the electric
grid, which has been a particular concern for defense experts in recent years.

DOD’s budget includes a ton of funding for cyber security
broadly, which may include electric grid-related activities. The White House
Office of Science and Technology Policy provides an overview with a little more
nuance about how that DOD funding may break down with respect to cyber security
and energy efficiency programs, like smart and micro grid technologies: “The
2013 Budget sustains DOD’s basic research (“6.1”) with a record commitment of
$2.1 billion for research in high-priority areas such as cybersecurity,
robotics, advanced learning, information access, cleaner and more efficient
energy, and biodefense
.”

The
Department of Homeland Security’s (DHS) FY 2013 budget reflects more
investments in cyber security, including efforts to prevent attacks against critical civilian infrastructure like the electric grid. Although the
department’s National Protection and Programs Directorate will see its share of
the budget shrink, the “Infrastructure Protection and Information Security” programming
under the directorate is expected to grow from $888,243,000
in FY 2012 to $1,166,633,000 in FY 2013
(see p. 134).

DHS’s
Science and Technology Directorate will also see funding for a couple of
programs that may enhance grid security. The administration will support the
“Resilient Electric Grid” project at $8.5
million
, which will “protect
electric-power critical infrastructure from the cascading effects of a power
surge on electrical grids due to natural disasters and attacks
.” In
addition, the administration will fund a Cyber Leap Ahead Technologies project
at $3.6
million
to
explore and develop technologies that will improve the durability and
resiliency of cyber systems while experiencing attacks, failures, and other
accidents
.”

The Department of Commerce’s
National Institute of Standards and Technology (which
has developed smart grid cyber security guidelines
) will also see increases
in programs that may bolster cyber security and infrastructure reliability.
According to White House Office of Science and Technology Policy overview, “The
2013 Budget of $708 million for NIST’s intramural laboratories, a 13.8 percent
increase over the 2012 enacted level, will improve NIST’s research capabilities
by supporting high-performance laboratory research and facilities in areas such
as advanced manufacturing, cybersecurity, and nanotechnology
.” These programs may include
continued research into advanced smart grid technologies.

This is just cursory look at
some of the Obama administration’s requests to Congress for cyber security
programming that could bolster our resilience to disruptions against the
electric grid. We’ll have to wait to see how this translates into action.