WASHINGTON, D.C. – U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho), members of both the Senate Intelligence and Energy and Natural Resources Committees, today applauded the introduction of the Securing Energy Infrastructure Act in the U.S. House of Representatives by Representatives Dutch Ruppersberger (D-MD) and John Carter (R-TX). The bipartisan legislation serves as a companion bill to legislation introduced by Senators King and Risch and aims to examine solutions to defend the U.S. energy grid using a “retro” approach that could safeguard against cyber-attacks.

“Over the past several years, we have weathered numerous cyber-attacks that have targeted American businesses, people, and government agencies, with the potential for bigger and more damaging attacks growing by the day. That’s why strengthening major components of our national infrastructure – like our electric grid – is critical to our national security,” Senator King said. “By making our electric grid more resilient, we can mitigate the impact of major cyber-attacks on our country and protect American people. I am encouraged to see this common-sense bill has gained support in the House, and urge my colleagues in both the House and the Senate to move it through Congress.”

“Recent cyber-attacks against the U.S. demonstrate how urgently we must act to better defend ourselves, our critical energy infrastructure and our control systems from potentially catastrophic threats,” said Senator Risch. “I appreciate Congressmen Ruppersberger’s and Carter’s leadership in introducing a companion version of our Senate bill in the House today. There is a clear need to develop techniques and technologies to secure our grid and I look forward to working with our partners in the House to see it through.”

Congressman Ruppersberger said, “The serious threats to our critical energy infrastructure continue to escalate in cyberspace at an alarming rate. We know our adversaries are exploiting vulnerabilities that exist at both large and small energy companies. In a world centered on technology, we must shore up systems that protect critical resources.”

“Securing our country’s energy infrastructure is a national security priority.  Understanding where our system’s weak spots are will only enhance efforts to support robust efforts to ensure we have the most stable and secure energy networks in the world,” said Congressman Carter.

The text of the Securing Energy Infrastructure Act is included as part of the Senate Select Committee on Intelligence’s markup of the Fiscal Year 2018 Intelligence Authorization Act, which currently awaits the consideration before the full Senate. The bill was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack’s severity was limited by Ukraine’s use of manual technology to operate its grid, a concept that helped inspire the bill.

More specifically, the legislation would:

• Establish a two-year pilot program within the National Laboratories to study covered entities and identify new classes of security vulnerabilities, and research and test technology – like devices engineered to be simple and secure – that could be used to isolate the most critical systems of covered entities from cyber-attacks.

• Require the establishment of a working group to evaluate the technology solutions proposed by the National Laboratories and to develop a national cyber-informed strategy to isolate the energy grid from attacks. Members of the working group would include federal government agencies, the energy industry, a state or regional energy agency, the National Laboratories, and other groups with relevant experience.

• Require the Secretary of Energy to submit a report to Congress describing the results of the program, assessing the feasibility of the techniques considered, and outlining the results of the working groups’ evaluation.

• Define “covered entities” under the bill as segments of the energy sector that have already been designated as entities where a cyber-security incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security.

###