Dive Brief:
- The U.S. Senate on June 27 passed a bipartisan cybersecurity bill that will study ways to replace automated systems with low-tech redundancies to protect the country's electric grid from hackers.
- The Securing Energy Infrastructure Act (SEIA) establishes a two-year pilot program to identify new classes of security vulnerabilities and to research and test solutions, including "analog and nondigital control systems." The U.S. Department of Energy would be required to report back to Congress on its findings.
- The SEIA legislation was included in the National Defense Authorization Act for Fiscal Year 2020. A companion bill has been introduced by bipartisan sponsors in the House of Representatives.
Dive Insight:
The increase in distributed energy resources can serve load more efficiently, but also offers potential attackers more potential entry points.
"Our connectivity is a strength that, if left unprotected, can be exploited as a weakness," Sen. Angus King, I-Maine, who sponsored the bill with Sen. Jim Risch, R-Idaho, said in a statement. Sens. Susan Collins, R-Maine, Martin Heinrich, D-N.M., and Mike Crapo, R-Idaho cosponsored the bill.
The House measure is being introduced by Reps. Dutch Ruppersberger, D-Md., and John Carter, R-Texas.
A 2015 cyberattack in Ukraine that led to a blackout for 250,000 people "inspired in part" the legislation, according to King's statement. Manual controls on Ukraine's system prevented the attack from having a larger impact.
"The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid," the statement read. The bill "seeks to build on this concept by studying ways to strategically use 'retro' technology to isolate the grid's most important control systems," including manual procedures controlled by human operators.
The bill was previously introduced in the 114th Congress and received a hearing in the Senate Energy and Natural Resources Committee in 2016.
The measure establishes a pilot program within the U.S. Department of Energy's National Laboratories, and requires a working group to evaluate the technology solutions it proposes. The working group would also develop a national cyber-informed strategy "to isolate the energy grid from attacks," according to King's statement.
The pilot projects will consider "analog and nondigital control systems," purpose-built control systems and physical controls, according to the bill text.
The working group would include federal agencies, energy industry representatives, a state or regional energy agency, the National Laboratories and other groups.
Recent news that the United States government has been working to insert malicious code into Russia's electric grid has raised the specter of a cyberwar between the two nations. Federal Energy Regulatory Commission Chairman Neil Chatterje told lawmakers last month that critical infrastructure in the U.S., including the electric grid, is "increasingly under attack by foreign adversaries."