Issue Briefs

Cyber Threat Data Sharing Needs Refinement

Cyber Threat Data Sharing Needs Refinement

Constance Douris

August 11, 2017

Click here to download the full study as a PDF. 

Technologies are being interconnected and integrated onto the nation’s electric grid to decrease weaknesses. However, these physical and computerized elements multiply the number of access points for cyber risks, making protection of the grid challenging. If done correctly, sharing cyber threat information eliminates the chances for one cyber threat or attack to affect multiple stakeholders.

In theory, one entity identifies a cyber threat or attack and shares the collected information with public and private sector partners. The intelligence is then applied to protect these partners’ networks. The intent is for data and systems to become more secure and less prone to cyberattacks when intelligence and resources are shared among many stakeholders. Without data sharing, it is almost impossible to detect, defend and contain systemic attacks early.

While sharing cyber threat data sounds easy, it is complicated by legal, operational and privacy issues. The private sector believes the government is good at collecting threat intelligence, but is hesitant to embrace it as an equal partner. Furthermore, the private sector fears it may be exposed to lawsuits for disclosing sensitive personal or business information. Released threat data could harm a company’s reputation and even cause its stock price to drop. The data could also be used for regulatory actions or for law-enforcement and intelligence collection activities. Hence, the private sector is reluctant to share threat data without an incentive.

According to Agnes Kirk, Chief Information Security Officer of Washington, states are recognizing their important role of protecting critical infrastructure. At this time, there are no consistent cybersecurity controls for the distribution system, the final stage operated by utilities where electricity is delivered to customers. If a successful cyberattack on the distribution system disrupts electricity, devastating economic and security consequences could result. The distribution system needs to be protected to prevent damage to the bulk power system. Due to interconnection, taking down one or more utilities may create a ripple effect that destabilizes electricity in large areas. States need to make serious improvements to guard the grid from cyber threats.

Governors and state legislators need to develop mandates for public utilities commissions to implement strong cybersecurity controls and provide staff with necessary training. Chief information officers and chief information security officers should collaborate more with stakeholders to anticipate and prepare for emerging cyber threats. Governors could direct state information, emergency and security leaders to define roles and responsibilities in support of cybersecurity.

Currently, states in the U.S. are generally having a difficult time tailoring cyber threat intelligence to their distinctive needs. Automating the information sharing process, as California is currently pursuing, would ensure accuracy and speed of valuable and actionable data while decreasing costs. In addition, lessons learned from major cyber breaches ought to be thoroughly studied so that states are better equipped to defend their networks and respond. National Guard units are also assets that should be further developed to prepare and respond to a cyberattack on the electric grid.


constanseConstance Douris is Vice President of the Lexington Institute. She has published articles and white papers on the smart grid, nuclear deterrence, missile defense and European security. Douris has given speeches on smart grid data privacy, cyber security of the electric grid and the European financial crisis. Douris has been interviewed, published or quoted by the Associated Press, New York Times, Washington Post,  Boston Globe, Orange County Register, Japan Times, CBS, NBC, ABC, China Global Television Network, Defense News, Air Force Times, RealClearDefense, Business Insider, The National Interest and other media outlets.

The views and opinions expressed in this issue brief are those of the authors and do not necessarily reflect the policy of GPI.