January 10, 2017
WASHINGTON, D.C. – U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho), both members of the Senate Intelligence Committee, today renewed their push to protect critical U.S. energy infrastructure from potentially catastrophic cyber-attacks by reintroducing the Securing Energy Infrastructure Act. The legislation would examine solutions to defend the U.S. energy grid using a “retro” approach that has shown promise as a safeguard against cyber-attacks by replacing key devices like computer-connected operating systems, which can be vulnerable to cyber-attacks, with less-vulnerable analog and human-operated systems.
“More than a year has passed since we saw Ukraine plunged into darkness as a result of a cyber-attack that cut electricity to hundreds of thousands of people,” Senator King said. “Meanwhile, here in the United States, we have been too slow to take meaningful action to protect ourselves from similar attacks. It’s vital that we act now to bolster the grid’s cyber defenses or we risk a potentially catastrophic attack. This bill has broad, bipartisan support, and I hope we can advance it quickly in the new Congress.”
“The continued threats against our critical energy infrastructure systems in the United States require investments that will help enable our nation to achieve a sustainable advantage in critical infrastructure and control systems security,” said Senator Risch. “This legislation utilizes the unique assets and expertise of our national laboratories to drive innovation as they reexamine critical infrastructure security – I am proud that Idaho National Lab is a leader on this important, national security issue.”
Senators Martin Heinrich (D-N.M.), Susan Collins (R-Maine), and Mike Crapo (R-Idaho) are also original cosponsors of the legislation reintroduced today.
Earlier this month, the U.S. Department of Energy warned that the U.S. grid “faces imminent danger” from cyber-attacks. The Department’s Quadrennial Energy Review warns that a widespread power outage caused by a cyber-attack could place at risk the health and safety of millions of citizens.
Top officials within the Intelligence Community have testified that U.S. critical infrastructure are enticing targets to malicious actors. Those officials have also warned that, without action, the U.S. remains vulnerable to cyber-attacks that could result in catastrophic damage to public health and safety, economic security, and national security.
The Securing Energy Infrastructure Act aims to remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems. Specifically, it would examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators. This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult. The bill, which was introduced last Congress, received a hearing in the Senate Energy and Natural Resources Committee.
This legislation was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid. The Senator’s bill seeks to build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.
More specifically, the legislation would:
To text of the legislation is available HERE.
###