The United States Government Accountability Office (GAO) recently completed and published a study on electricity grid cybersecurity that concluded that the Department of Energy (DOE) needs to ensure its plans fully address risks to electricity distribution systems.

The GAO completed two prior studies of the generation and transmission functions of the electricity grid and found that they are increasingly vulnerable to cyber-attacks. The third function of the electricity grid is distribution, which was the subject matter of this study.

According to the study, the U.S. electricity grid distribution system, which comprise the conduits from electric companies to consumers, and which are regulated by states, “are increasingly at risk from cyber-attacks.” According to the study, “Distribution systems are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks.” Therefore, they can be attacked through “multiple techniques” which can potentially disrupt operations.

The DOE has developed plans for the national cybersecurity strategy for the electricity grid. According to GAO’s study, the DOE’s plans “do not fully address risks to the grid’s distribution systems.” The GAO “recommends that DOE more fully address risks to the grid’s distribution systems from cyberattacks—including their potential impact—in its plans to implement the national cybersecurity strategy.” The DOE agreed with the recommendation and provided information on two research projects that are designed to improve the cybersecurity of distribution systems.

There are several diagrams of the risks to distribution systems in the study which are quite chilling.  The study can be accessed here.

How will a Biden-Harris presidency affect the U.S. privacy landscape? Let’s take a look.

Federal Privacy Legislation

On both sides of the political aisle there have been draft proposals in the last 18 months on federal privacy legislation. In September, movement actually happened on federal privacy legislation with the U.S. Setting an American Framework to Ensure Data Access, Transparency and Accountability Act. To read the bill, visit https://www.billtrack50.com/BillDetail/1242877.

With a Biden-Harris administration, there is potential for continued movement on federal privacy legislation. This movement would likely come from Congress since both the Republicans and Democrats have previously supported (and are pushing for) privacy bills.

E.U.-U.S. Privacy Shield and Data Transfers

With the 2020 “Schrems II” decision  looming over international data transfers, the Biden-Harris administration is likely to pave the way for negotiations with the European Commission for a new version of the Privacy Shield. However, the Schrems II ruling will continue to be a real challenge. The hope is that there can be effective, productive dialogue with the E.U. and that the U.S. can convey the fact that there is a mutually beneficial relationship with intelligence agencies in the U.S. and member states of the E.U.

FTC Enforcement and FCC Rules

During Chairman Joseph Simons’ tenure, the Federal Trade Commission (FTC) has been very active on privacy issues. Examples include the FTC’s enforcement actions against Facebook, Google and YouTube, as well as the Children’s Online Privacy Protection Act (COPPA) rulemaking proceeding held in 2019. Just this past week, the FTC announced a settlement with Zoom for alleged data security failings. While the FTC was certainly busy under a Republican-led agency, it is likely that we will see a heightened level of scrutiny and more enforcement under a Biden-Harris administration. While Chairman Simons can serve until 2024, he might step down, and it is also likely that the FTC will gain more Democratic commissioners.

For the Federal Communications Commission (FCC), a Biden-Harris administration may also lead to a revival of the net neutrality rules.

Cybersecurity

Many experts agree that cyber-attacks are the number one national security threat in the U.S., both from a geopolitical and an economic standpoint. A recent report, the Cyberspace Solarium Commission report, states that one of the biggest reasons for continued cybersecurity issues in the U.S. is the failure of strategy and leadership in this arena, and that now is the time for greater accountability of the government to defend against cyber-attacks.

Big Tech and the U.S.’s International Relationships

There has been a lot of scrutiny on how a Biden-Harris administration will regulate Big Tech in Silicon Valley. Biden has already pledged to create a task force for investigating online harassment, extremism and violence, so it is likely that there will be a focus on privacy, surveillance and hate speech online through some of the Big Tech players in Silicon Valley. We may also see some shifts in the U.S.’s relationship with China when it comes to privacy.

Of course, none of this change will happen overnight, so we’ll be watching as the train chugs forward.