WASHINGTON, D.C. – U.S. Senator Martin Heinrich (D-N.M.), a member of the Senate Intelligence Committee and the Senate Energy and Natural Resources Committee, joined U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho) in advancing bipartisan legislation that aims to protect America’s energy infrastructure from potentially catastrophic cyber-attacks.
The Senate Energy and Natural Resources Subcommittee on Energy held a hearing Tuesday on the bill, the Securing Energy Infrastructure Act, which was introduced in the wake of a January report from the U.S. Department of Energy that warned that the U.S. energy grid “faces imminent danger” from cyber-attacks, and that a widespread power outage caused by a cyber-attack could place the health and safety of millions of citizens at risk.
Senator Heinrich, an original co-sponsor of the bill, expressed his support of the bipartisan legislation, stating, “Cybersecurity is one of the most serious economic and national security challenges we face as a nation. The future of warfare is moving further away from the battlefield and closer to the devices and the networks everyday citizens depend on. Protecting our nation from malicious cyber actors requires a comprehensive approach, and keeping our energy infrastructure secure is central to that. I am especially proud that this legislation would rely on the expertise of New Mexico's National Labs in providing technology solutions and developing a national strategy to isolate the energy grid from cyberattacks."
The Securing Energy Infrastructure Act aims to remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems. Specifically, it would examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators. This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult. This legislation was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid. The bill seeks to build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.
More specifically, the Securing Energy Infrastructure Act would:
- Establish a two-year pilot program within the National Laboratories to study covered entities and identify new classes of security vulnerabilities, and research and test technology – like analog devices – that could be used to isolate the most critical systems of covered entities from cyber-attacks.
- Require the establishment of a working group to evaluate the technology solutions proposed by the National Laboratories and to develop a national cyber-informed strategy to isolate the energy grid from attacks. Members of the working group would include federal government agencies, the energy industry, a state or regional energy agency, the National Laboratories, and other groups with relevant experience.
- Require the Secretary of Energy to submit a report to Congress describing the results of the program, assessing the feasibility of the techniques considered, and outlining the results of the working groups’ evaluation.
- Define “covered entities” under the bill as segments of the energy sector that have already been designated as entities where a cyber-security incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security.
A copy of the bill is available HERE.