WASHINGTON, D.C. – Last night, the U.S. Senate passed the Securing Energy Infrastructure Act, a bipartisan bill introduced by U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho). Both Senators are members of the Senate Intelligence Committee and the Senate Committee on Energy and Natural Resources (ENR). The legislation would defend the U.S. energy grid by partnering with industry to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems.   

“For years we’ve seen the danger of cyber-attacks grow as bad actors pursue larger and more sophisticated incursions on our vital systems, but the federal government’s response has not matched the severity of these threats,” said Senator King. “This commonsense, bipartisan bill is an important step in the right direction, and will help protect America’s critical infrastructure from devastating attacks before they happen.”

Senators King and Risch first introduced the Securing Energy Infrastructure Act in the 115th Congress in January 2017, and the legislation has gained momentum in the months since. In March 2017, the ENR Committee held a hearing on the legislation, and in September 2017 the Western Governors’ Association endorsed the proposal. In October 2017, a companion bill was introduced in the House of Representatives by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.). In March 2018, the legislation was passed by the ENR Committee. Senators Martin Heinrich (D-N.M.), Susan Collins (R-Maine), and Mike Crapo (R-Idaho) are also original cosponsors of the legislation.

Critical infrastructure within the United States is an enticing target to malicious actors. Notably, these include industrial control systems, which are operational technologies used to measure, control, or manage industrial functions (e.g., supervisory control and data acquisition systems). Industrial control systems are used in oil and gas pipelines, in electric power generation, transmission, and distribution, in the energy sector, and across other sectors such as water management and mass transit. Top officials within the intelligence, defense, and power communities have warned that the United States remains vulnerable to cyber-attacks on these systems, which could result in catastrophic damage to public health and safety, economic security, and national security.

The bill was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack’s severity was limited by Ukraine’s use of less complex technology to operate its grid, a concept that helped inspire the bill. The legislation would establish a two-year pilot program within the National Laboratories to partner with industry and develop ways to utilize cyber-informed engineering concepts to simplify and isolate automated systems and remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems.

Senator King has been a leading voice on the need for a national emphasis on cyber deterrence, and has repeatedly pressed officials in both the Obama and Trump Administrations on the importance of deterrence. During an ENR Committee Hearing in June, Senator pushed for leadership on a cyber strategy, saying in part, “We know that a cyber-attack is coming at some point… shame on us if we’re not prepared for it.” In March, he highlighted the topic in both the ENR and Senate Armed Services Committee (SASC). In February, Senator King questioned Admiral Mike Rogers and other top national intelligence officials on the importance of a national doctrine on cybersecurity.