Flurry of grid security bills pass House, including public-private training partnership

Dive Brief:

The U.S. House of Representatives on Tuesday passed four bipartisan bills aimed at strengthening the cybersecurity posture of the nation's electric grid, including a trio of measures that have broad support from the electric utility industry.
Among the bills is HR 359, the Enhancing Grid Security through Public-Private Partnerships Act, which would direct the U.S. Department of Energy to provide training to electric utilities to "address and mitigate cybersecurity supply chain management risks."
The Edison Electric Institute (EEI), American Public Power Association (APPA) and National Rural Electric Cooperative Association (NRECA) all support HR 359, telling lawmakers a letter Monday "the industry welcomes close coordination with government partners."

Dive Insight:

Partisan politics may appear to be the norm, but some issues still cross the aisle. Increasingly, electric grid security is one of those.

Energy and Commerce Chairman Frank Pallone Jr., D-N.J., in a joint statement with Energy Subcommittee Chairman Rep. Bobby Rush, D-Ill., said a trio of bills passed in a House voice vote would "dramatically improve our cybersecurity and our readiness to combat potential attacks. ... We're proud that they passed today with such bipartisan support."

Along with HR 359, the utility sector's letter included support for: HR 360, the Cyber Sense Act of 2019, which would establish a voluntary Cyber Sense Program to identify cyber-secure products that could be used in the bulk-power system; and HR 362, the Energy Emergency Leadership Act, which would create a new Department of Energy Assistant Secretary position with jurisdiction over energy emergency and security functions related to energy supply, infrastructure and cybersecurity.

HR 359 would also require the update of an electric reliability planning tool for estimating electricity interruption costs and the benefits of reliability improvements, at least once every two years.

EEI, APPA and NRECA on Monday sent a letter to House leadership supporting the three bills. "Protecting and maintaining electric sector security and reliability is a top priority for our associations and our members," the groups said.

The industry groups say they are "particularly supportive" of HR 359 and HR 362, which "are aimed at strengthening our shared responsibility to protect the nation's critical infrastructure."

The COVID-19 pandemic has "underscored the importance of stopping supply chain threats, including ensuring the security of our electric grid," Rep. Greg Walden, R-Ore., and Rep. Fred Upton, R-Mich., said in a joint statement.

The pair of Republican lawmakers said the bills "will bolster our energy security and keep our grid safe from cyberattacks, and we urge our Senate colleagues to take swift action to keep our electric grid safe and running."

The House also passed HR 5760, the Grid Security Research and Development Act, introduced by Rep. Ami Bera, D-Calif. The measure authorizes a coordinated research effort to advance cybersecurity capabilities for the energy sector across DOE, Department of Homeland Security, National Institute of Standards and Technology, and National Science Foundation.

"Our electric grid has become more vulnerable to cyberattacks that threaten essential health care, banking, and defense systems," Bera said in a statement. "In addition, our electric grid is increasingly susceptible to natural disasters like wildfires and hurricanes that are intensified by climate change."

HR 5760 also authorizes DOE to develop technologies to enhance the resilience of the electric grid, including the development of technologies to withstand the impacts of climate change and extreme weather.

The security bills, which now head to the U.S. Senate for consideration, are part of a multi-pronged approach to strengthening grid security. The Federal Energy Regulatory Commission is also seeking comment on potential risks associated with installing bulk power system equipment sourced from certain adversarial nations. And the commission is also considering financial incentives for transmission owners who voluntarily apply certain security standards to facilities that are not currently subject to those requirements.

Security experts say hackers pose a growing threat to the nation's electric grid.

"The energy vertical is the most attacked critical infrastructure vertical and we've seen the number of attacks and their sophistication grow significantly over the past 10 years," said Leo Simonovich, vice president and head of industrial cybersecurity at Siemens Energy.

The energy sector is the "newest risk frontier," he said, adding that 2.5 billion energy-related devices around the world are expected to be connected to the internet over the next few years.

Regulators and lawmakers "have an opportunity to incentivize private industry to help address the cybersecurity challenge," he said. That in turn will help to enable the clean energy transition.

"For energy companies to prosper they have to become digital companies, which means they have to put cyber at the core of their business model," said Simonovich.