What do we do when cyber attackers try to disrupt the nation’s power grid increasingly controlled by digital systems? Find more ways for humans to override the sophisticated systems and manually thwart attacks from becoming wholesale catastrophes.
That is exactly what Congressional lawmakers on both sides of the aisle want the U.S. Department of Energy (DOE) to do.
Last month the U.S. Senate passed the Securing Energy Infrastructure Act, which aims to remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems. The bill was introduced by Sen. Angus King, I-Maine, and Jim Risch, R-Idaho, with bipartisan co-sponsors, and a House companion bill was introduced by Representatives Dutch Ruppersberger, D-Md., and John Carter, R-Texas.
“As our world grows more and more connected, we have before us both new opportunities and new threats,” King said in a statement upon the bill’s passage. “Our connectivity is a strength that, if left unprotected, can be exploited as a weakness. This bill takes vital steps to improve our defenses, so the energy grid that powers our lives is not open to devastating attacks launched from across the globe.”
If the legislation is ultimately enacted, the DOE would establish a two-year pilot program within the National Laboratories to identify new classes of security vulnerabilities. Researchers would then test “retro” technologies, such as analog and nondigital control systems, purpose-built control systems and physical controls, that could be used to isolate the grid’s most critical systems from cyberattacks.
From those proposed solutions, a national strategy would be developed by a working group comprised of representatives from various federal, state and regional government agencies, the energy industry and other groups with relevant experience. The Energy Secretary would then report to Congress the feasibility of the techniques considered.
The Senate bill was included in the Intel Authorization Act, part of the National Defense Authorization Act, which passed on June 27 by a vote of 86 to 8. Both the Senate and the House cyber security bills were originally introduced in the 114th Congress in 2016, and both were reintroduced by the same authors this January.
These bills are good timing, writes Utility Dive, considering that Federal Energy Regulatory Commission Chairman Neil Chatterje last month warned lawmakers that “America’s critical infrastructure is increasingly under attack by foreign adversaries.”
In written testimony for a June 12 House subcommittee hearing, Chatterjee wrote that the Department of Homeland Security and the Federal Bureau of Investigation have issued multiple public reports describing cyber-intrusion campaigns by foreign government actors against the nation’s critical infrastructure, including the electric grid.
“Physical and cyber-attacks on our critical infrastructure systems have the potential to create significant, widespread, and potentially devastating effects that threaten the health, safety, and economic prosperity of the American people whom we serve,” he wrote. “This evolving threat landscape demonstrates the importance of an unwavering focus on the security of the nation’s critical energy infrastructure.”