One of the greatest concerns of a cyber attack directed against the United States would be if it targeted critical infrastructure, including the nation’s power grid and energy infrastructure. The stakes have been increasingly high as the security clearance backlog has hindered cybersecurity efforts within the Department of Energy. This has been a problem for more than three years, but help could be on the way.
Last Tuesday, in a unique show of bipartisan support, the House of Representatives unanimously passed four bills aimed at securing the power grid and other energy related infrastructure from cyberattacks. All four bipartisan bills were approved by voice vote and supported by leaders of the House Energy and Commerce and House Science, Space, and Technology panels.
“We applaud these legislative efforts that underscore our own efforts to enable critical infrastructure organizations to improve cyber resiliency,” said Andrea Carcano, co-founder of Nozomi Networks via an email to ClearanceJobs.
“Many utilities, for example, are evaluating options for augmenting the cyber security of their industrial networks,” Carcano added. “One fundamental security best practice is having real-time visibility into cyber security attacks, risks and incidents. Previously, the technology to provide such visibility for large, heterogeneous, high availability (HA) industrial systems, did not exist.”
Enhancing Grid Security
One of the bills, HR 359, Enhancing Grid Security Through Public-Private Partnership Act would require the Department of Energy to establish a program to enhance the cyber and physical security of electric utilities, along with issuing a report on ways to enhance security to address threats. The bill had the support from the private sector, with Edison Electric Institute (EEI), American Public Power Association (APPA) and National Rural Electric Cooperative Association (NRECA) telling lawmakers via a letter on Monday “the industry welcomes close coordination with government partners.” HR 359 would also require the update of an electric reliability planning tool for estimating electricity interruption costs and the benefits of reliability improvements, at least once every two years.
The Cyber Sense Act
The second piece of legislation was HR 360, the Cyber Sense Act, which would require the Department of Energy to establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system. The bulk-power system includes facilities and control systems necessary for operating an interconnected electric energy transmission network. Both HR 359 and HR 360 were primarily sponsored by Reps. Bob Latta (R-Ohio) and Jerry McNerney (D-Calif.).
The third bill approved was HR 362, the Energy Emergency Leadership Act, which would require the Secretary of Energy to assign energy emergency and energy security functions to an Assistant Secretary, including responsibilities with respect to infrastructure and cybersecurity. It would enhance leadership at the Department of Energy related to cybersecurity missions and ensure the protection of the nation’s energy infrastructure. It was sponsored by Reps. Bobby Rush (D-Ill.) and Tim Walberg (R-Mich.).
“This legislation and the two bills that will follow it are bipartisan bills that will help protect our grid from cyberattacks,” House Energy and Commerce Committee Chairman Frank Pallone (D-N.J.) said on the House floor Tuesday while speaking in favor of the Energy Emergency Leadership Act, The Hill.com reported.
While all three bills received general bipartisan support, House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) did raise concerns on the House floor, stating, “The problem common to the three measures today is that in their current forms, they risk siloing cybersecurity efforts when it comes to protecting the energy sector, as none of them acknowledges DHS (Department of Homeland Security) as the coordinating partner to DOE for cybersecurity.”
A fourth bill HR 5760, the Grid Security Research and Development Act – which was approved by the House Science, Space, and Technology Committee earlier this year – would strengthen the ability of the energy sector to respond not only to cyber but also physical threats such as wildfires, which have become a yearly problem for parts of the country. The bill was sponsored by Reps. Ami Bera (D-Calif.) and Randy Weber (R-Texas).
Industry Votes for More Protection for America’s Power Grid
All four bills now move to the Senate for consideration. The passage of the four bills has earned praise from industry.
“Increasing cyber threats, management concerns and government policies are driving power generation, substation and electric grid operations to improve the resiliency of their systems with enhancements to cyber security programs,” explained Nozomi Networks’ Carcano, who also suggested that there is still more that can be done to ensure the protection of America’s power grid.
“An important part of this effort is the implementation of innovative solutions that improve OT and IoT network visibility, cyber resiliency and availability,” he added. “Without network and device visibility, it’s difficult to stay on top of what’s happening at the grid or substation level. One small change or networking issue can impact reliability, safety and revenue.”