December 11, 2019
WASHINGTON, D.C. – U.S. Senator Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission, today announced that the House-Senate conference committee’s version of the FY 2020 National Defense Authorization Act (NDAA) includes the Securing Energy Infrastructure Act, a bipartisan bill introduced by Senators King and Jim Risch (R-Idaho). Both Senators are members of the Senate Intelligence Committee and the Senate Committee on Energy and Natural Resources (ENR). The legislation will develop defenses for the U.S. energy grid through partnerships between the National Laboratories and industry. Specifically, the partnerships will utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems.
“The energy grid powers our financial transactions, communications networks, healthcare services and most of our daily life– so if this critical infrastructure is compromised by a hacker, these building blocks of American life are at risk,” said Senator King. “Protecting our energy grid is commonsense, bipartisan, and vital to national security, and I’m happy this year’s NDAA will enshrine this needed provision into law.”
The Securing Energy Infrastructure Act aims to remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems. Specifically, it will direct the Department of Energy to examine ways that replacing automated systems with low-tech redundancies, like manual procedures controlled by human operators, may be helpful in adverting cyberattacks. This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult.
The Securing Energy Infrastructure Act was part of the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act (IAA) for Fiscal Years 2018, 2019, and 2020, which was included in the National Defense Authorization Act for Fiscal Year 2020. This legislation was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid. The Senator’s bill would build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.
More specifically, the legislation would: