electric grid

Senators call for Congress-approved cybersecurity position at Department of Energy

Several senators from both parties called for the elevation of the cybersecurity director position at the Department of Energy during a hearing on Thursday.

Congress has spent years criticizing the White House and Secretary of Energy Jennifer Granholm for effectively downgrading the cybersecurity position from an assistant-secretary level role that would require Senate confirmation to the director-level role that is currently held by Puesh Kumar.

Energy Department officials have previously said they believe the position is “too important to leave subject to the whims of shifting politics” and claimed that the lack of Senate confirmation did not affect the position’s standing within the department.

In a 2021 letter to senators, Granholm said “emergency preparedness and management is best handled by a stable, professional set of employees who have developed relationships with industry partners and do not have to go through a learning curve when crises happen.

“And as you know, with extreme weather events escalating, having consistent, professional, nonpartisan leadership at the helm of this office is crucial,” she added.

The first and only Senate-confirmed assistant secretary of Cybersecurity, Energy Security, and Emergency Response Preparedness (CESER) was Karen Evans, who spent 18 months in the position before leaving in 2020. Since she left, the position has been held on an “acting” basis or by career deputies or unconfirmed directors like Kumar.

But on Thursday, Sens. John Barrasso (R-WY) and Joe Manchin (D-WV) criticized the decision.

Barrasso noted that a bipartisan group of senators urged Granholm to assign an assistant secretary to the position after she was sworn in, but no action was taken. Two months later, the Colonial Pipeline ransomware attack took place.

On Wednesday, Barrasso and several other Republican senators introduced a bill that would require an assistant secretary to lead CESER.

“CESER’s leadership never should have been downgraded from assistant secretary in the first place – not when attacks on America’s critical energy systems are only growing in size and severity. The leader of CESER must be restored to assistant secretary to put the U.S. in the best possible position to track and mitigate national security threats,” said Sen. James Risch (R-ID).

Rob Lee, CEO of cybersecurity firm Dragos, was asked about the issue on Thursday and noted that while he thinks Kumar is doing a good job in his role, he is “surprised the position wasn't elevated.”

“It absolutely has caused him to be sidelined in some meetings.” he said. “Titles matter in government whether we like it or not.”

Kumar declined to address the issue in his testimony, deferring all questions to the President and Congress.

But he did argue that he has “access to the department's resources and leaders to accomplish” the position’s goals.

The Department of Energy and White House did not respond to requests for comment.

Puesh Kumar DOE
Puesh Kumar testifying at a hearing on Thursday.

Threats from China, overlapping regulations

Significant parts of the hearing focused on the threats faced from China and potential issues related to overlapping regulations issued by several U.S. regulatory bodies.

Several senators expressed concern about the reliance on Chinese manufactured transformers – passive components that transfer electrical energy from one electrical circuit to another.

Kumar was pressed numerous times on the number of transformers made in China that were integrated into the U.S. power grid and the cybersecurity implications of their use. He said the department is focused on a range of solutions to the issue that included increasing domestic production, reducing the amount of time needed to build transformers and pushing suppliers to buy locally.

But he noted that there are several issues the department faces. CESER started with just 20 employees and is now looking to expand to 80. They are also starting an energy threat analysis center pilot that will help them coordinate threats from both the private sector and intelligence agencies that may have better insights into the threat landscape.

“We are all seeing our own cyber threats in our own spaces. But we're not connecting the dots,” Kumar said.

“We're not seeing, ‘if this is happening out west, is it also happening out east?’ How do we connect those dots with what we learned from private sector networks and cyber technology companies with the intelligence community? That's where we need to go in the future if we're truly going to get on top of this threat.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.