DES MOINES — The Iowa Utilities Board plans to seek public records exemptions from the Legislature so it can communicate more thoroughly with utilities and federal regulatory agencies about cybersecurity and cyberattacks.
Under the current public records law, information about cybersecurity at utility companies is not shielded from the public, IUB Chairwoman Geri Huser told the House Commerce Committee Monday. That limits board members and IUB staff from complete access to cybersecurity information, such as how utilities protect against cyberattacks and respond in the event of an attack.
“If they have an attack, they can tell us we need to do A, B and C, but they can’t tell us why,” Huser said.
“If there was an actual attack, they could tell us, but nothing else about it,” added IUB member Nick Wagner.
At this time, Huser said that when she or other IUB staff meet with utilities on those matters they do not retain any documents because they do not want them to become public records.
The request for an exemption to the public records laws doesn’t surprise Randy Evans of the Iowa Freedom of Information Council. Similar exemptions exist for various state agencies, such as the Department of Corrections, that have emergency and security plans.
“The council takes a pretty realistic view of exemptions like that,” Evans said. “We would be concerned if it appeared to be a catchall for other kinds of records.”
ARTICLE CONTINUES BELOW ADVERTISEMENT
Iowa law assumes that government records are open to public inspection unless a specific exemption exists in the law.
Huser also told lawmakers she is in the process of getting federal security clearances so she can discuss cybersecurity with federal agencies, as well as utilities under IUB jurisdiction. Like the federal regulatory agencies, Huser said most utilities have staff members with clearance that allows them to share information — but not with her.
“There are people who have information on cyberattacks on our utilities, but there is no one at IUB with clearance, so we can’t be told about it,” she said. Even with that security clearance, Huser will be limited in what she can share with other board members and staff if they don’t have a security clearance.
Gaining the proper security clearance has taken her more than a year and is not complete, Huser said.
l Comments: (319) 398-8375; firstname.lastname@example.org