Governance & Risk Management
IT Risk Management
Legacy Infrastructure Security
Each Proposal Calls for a Different Approach to Mitigating Risks
Lawmakers in the Senate and House have introduced legislation designed to improve and enhance the nation’s electrical grid and respond to concerns that the country’s power system is prone to cyberthreats.
See Also: Live Webinar | Empowering Financial Services with a Secure Data Path From Endpoint to Cloud
On Tuesday, Reps. Bob Latta, R-Ohio, and Jerry McNerney, D-Calif., introduced a pair of bills – The Cyber Sense Act and The Enhancing Grid Security Through Public-Private Partnerships Act. The bills would direct the U.S. Department of Energy to work with private electrical and power utilities to improve cybersecurity across the nation’s grid.
Meanwhile, Sen. Angus King, I-Maine, is leading a bipartisan group in the Senate reintroducing the Protecting Resources on the Electric Grid with Cybersecurity Technology Act, which would provide incentives to electric utilities to make cybersecurity investments.
The proposed Senate bill would also direct the Department of Energy to create grants and programs to offer technical and cybersecurity assistance to smaller utilities that are not regulated by the Federal Energy Regulatory Commission, which regulates the interstate transmission of electricity.
“Our grid is dangerously vulnerable to cyberattacks, putting lives and livelihoods at risk,” King says. “It is absolutely essential that we strengthen our energy grid’s cyber defenses to protect these key services – and to do so, we must work closely with the private sector, which owns much of America’s energy infrastructure.”
King was a co-chair of the Cyberspace Solarium Commission, which last year made a series of sweeping proposals for enhancing U.S. cybersecurity.
White House Action
Last month, the White House rolled out a 100-day plan to address cyberthreats within the electrical grid, which is part of a larger push to make the nation’s critical infrastructure more secure (see: 100-Day Plan to Enhance Electrical Grid Security Unveiled).
The administration’s $2 trillion infrastructure proposal, now pending in Congress, would provide funds for improving and modernizing the nation’s electrical grid, which some experts say would also help improve cybersecurity (see: Biden’s Infrastructure Plan: 3 Cybersecurity Provisions).
Three Bills, Three Approaches
The three new bills each call for different approaches to improving cybersecurity within the nation’s electrical grid.
The Cyber Sense Act introduced in the House, for example, would create a voluntary program within the Department of Energy that would identify and promote the use of secure products and technologies that could be used in bulk-power systems. The bill would also create a process to test hardware and software as well as establish a mechanism for reporting vulnerabilities and flaws in products.
By comparison, The Enhancing Grid Security Through Public-Private Partnerships Act, also introduced in the House, would direct the Department of Energy to create public-private partnerships to help share best practices and exchange data about cyberthreats, while also providing technical assistance and training.
“The Cyber Sense Act and the Enhancing Grid Security Through Public-Private Partnerships Act will collaboratively build a relationship between the DOE and utilities to strengthen our security efforts and keep us safe from domestic and foreign attacks,” Latta says.
Meanwhile, the Senate proposal, the Protecting Resources on the Electric Grid with Cybersecurity Technology Act, would direct the Federal Energy Regulatory Commission to establish incentives for power and electrical utilities to invest in cybersecurity technologies to improve defenses.
For those utilities that are not overseen by the commission, the bill would direct the Department of Energy to create grant and assistance programs to help these smaller firms invest and improve their cybersecurity.
Besides King, Sens., Joe Manchin, D-W.Va., Jacky Rosen, D-Nev., Lisa Murkowski, R-Alaska, and James Risch, R-Idaho are backing the bill in the Senate. A similar proposal introduced in 2019 never made it out of committee.
Over the last several months, a series of reports have raised concerns about the cybersecurity of the nation’s electrical grid.
For example, in March, the Government Accountability Office released an audit that found the country’s electrical grid’s distribution systems that deliver electricity directly to customers are increasingly vulnerable to cyberthreats and the Department of Energy needs to do more to address the issue (see: GAO: Electrical Grid’s Distribution Systems More Vulnerable).
When the report came out, King and other senators sent a letter to Energy Secretary Jennifer Granholm demanding that the DOE place a greater emphasis on cybersecurity as part of strategic planning.