While there don’t appear to be any specific, imminent cyber or physical threats to the U.S. power grid, China has been seeking vulnerabilities in network systems to be used in future attacks, panelists said during a U.S. House of Representatives hearing Tuesday on threats to the U.S. energy system.
Volt Typhoon — a group believed to be run by the People’s Republic of China’s state security service — is focused on maintaining ongoing access to U.S. network systems for future potential disruptions, according to Michael Ball, CEO of the Electricity Information Sharing and Analysis Center and senior vice president at the North American Electric Reliability Corp.
China is preparing for conflict over Taiwan, potentially in the “very near term,” and its strategy depends on preventing the United States from mounting a successful rescue mission, Harry Krejsa, director of Studies for the Carnegie Mellon Institute for Strategy & Technology, said during the hearing held by the Energy and Commerce Committee’s energy subcommittee.
Part of China’s plan is to target U.S. civilian infrastructure to create panic and chaos, Krejsa said.
“Our aging infrastructure makes these threats easier, including in our energy ecosystem,” he said. “Today's electricity grid is too often a hodgepodge of digital tools sitting atop an analog foundation, creating seams where adversaries can slip in.”
China is the most persistent cyber threat to the U.S., according to Zach Tudor, associate laboratory director for national and homeland security at the Idaho National Laboratory.
“Through Volt Typhoon, Salt Typhoon [and] Flax Typhoon, the Chinese Communist Party has embedded itself in our energy communications and water systems to set conditions for destructive attacks during the Pacific conflict over Taiwan,” he said. “They're winning without fighting, attempting to undermine our infrastructure.”
Although no U.S. blackouts have been attributed to a cyberattack, “the threat landscape is dynamic and requires continuous vigilance,” Ball said.
Panelists called on Congress to expand programs and funding for cyber defense.
Congress should continue to fund information sharing collaboration initiatives, like the Energy Threat Analysis Center, a pilot initiative led by the Department of Energy that brings together power sector and federal officials, according to Sharla Artz, vice president for security and resilience policy at Xcel Energy.
“Expanding programs like [the Cybersecurity Risk Information Sharing Program] enhances industry and government understanding of the threat landscape and thus needs additional government funding to accomplish that expansion,” said Artz, who represented the Edison Electric Institute at the hearing.
Tim Lindahl, president and CEO of Kenergy, a cooperative utility based in Henderson, Kentucky, urged Congress to reauthorize the $250 million Rural and Municipal Utility Cybersecurity Program, which runs through fiscal year 2026.
Lindahl called on DOE to disburse $80 million in RMUC awards that were announced last fall.
“With continued partnership and targeted federal investment, we can strengthen our defenses and ensure the security of the energy infrastructure that powers our nation,” said Lindahl, who spoke on behalf of the National Rural Electric Cooperative Association.
NERC’s Ball urged Congress to reauthorize the expired Cybersecurity Information Sharing Act of 2015 to support information sharing between the private sector and government.
During the hearing, Rep. Robert Menendez, D-N.J., said the Trump administration was undermining U.S. infrastructure protection efforts by cutting $5.6 billion in funding for state and local grid hardening and resiliency programs.
The administration also fired more than 1,000 cybersecurity and infrastructure agency staff, according to Menendez. It also moved Department of Homeland Security Cybersecurity & Infrastructure Security Agency staff to other agencies, like Immigration and Customs Enforcement, which has “no connectivity to what their work has been,” he said.
“Does that make our country safer and more able to respond to these increasing cybersecurity attacks?” Menendez said.
