June 28, 2019
WASHINGTON, D.C. – Yesterday, the U.S. Senate passed the Securing Energy Infrastructure Act, a bipartisan bill introduced by U.S. Senators Angus King (I-Maine), co-chair of the Cyberspace Solarium Commission, and Jim Risch (R-Idaho). Both Senators are members of the Senate Intelligence Committee and the Senate Committee on Energy and Natural Resources (ENR). The legislation will defend the U.S. energy grid by partnering with industry to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems.
“As our world grows more and more connected, we have before us both new opportunities and new threats,” said Senator King. “Our connectivity is a strength that, if left unprotected, can be exploited as a weakness. This bill takes vital steps to improve our defenses, so the energy grid that powers our lives is not open to devastating attacks launched from across the globe. It’s bipartisan, it’s commonsense, and it’s necessary – I’m glad that the Senate has advanced this important legislation.”
The Securing Energy Infrastructure Act aims to remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems. Specifically, it will examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators. This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult. The bill, which was introduced in the 114th Congress, received a hearing in the Senate Energy and Natural Resources Committee in 2016.
The Securing Energy Infrastructure Act was part of the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act (IAA) for Fiscal Years 2018, 2019, and 2020, which was included in the National Defense Authorization Act for Fiscal Year 2020. This legislation was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid. The Senator’s bill seeks to build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.
More specifically, the legislation would:
· Establish a two-year pilot program within the National Laboratories to study covered entities and identify new classes of security vulnerabilities, and research and test technology – like analog devices – that could be used to isolate the most critical systems of covered entities from cyber-attacks.
· Require the establishment of a working group to evaluate the technology solutions proposed by the National Laboratories and to develop a national cyber-informed strategy to isolate the energy grid from attacks. Members of the working group would include federal government agencies, the energy industry, a state or regional energy agency, the National Laboratories, and other groups with relevant experience.
· Require the Secretary of Energy to submit a report to Congress describing the results of the program, assessing the feasibility of the techniques considered, and outlining the results of the working groups’ evaluation.
· Define “covered entities” under the bill as segments of the energy sector that have already been designated as entities where a cyber-security incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security.
In addition to Senators King and Risch, the legislation is cosponsored by Senators Susan Collins (R-Maine), Martin Heinrich (D-N.M.), and Mike Crapo (R-Idaho). A companion bill has been introduced by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.) in the House of Representatives.