January 17, 2019
WASHINGTON, D.C. – Renewing their push to protect U.S. energy infrastructure from potential cyberattacks, U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho), both members of the Senate Intelligence Committee and Energy and Natural Resources Committee, today reintroduced the Securing Energy Infrastructure Act. The legislation would defend the U.S. energy grid by partnering with industry to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems. The legislation unanimously passed the Senate in December 2018, but the House of Representatives did not take action on the bill before the end of the 115th Congress.
“Securing our energy infrastructure is not an abstract policy idea, it is an immediate need to protect our grid from the real threat of malign actors,” Senator King said. “So far, the federal government has not matched this serious threat with the necessary action. Our bipartisan bill has broad support, as evidenced by its passage in the Senate last December, and I hope the new Congress will take swift action on it so we can proactively protect our country’s critical infrastructure from cyberattacks.”
“The increasing complexity of our digital systems has resulted in significant weaknesses and vulnerabilities that need to be addressed,” Senator Risch said. “The Idaho National Lab has the unique assets and expertise needed to drive the innovations to better protect our county from cyberattacks and we are fortunate to have their leadership on this critical issue. I am hopeful we can finish the job we started last Congress and pass this bill into law.”
Top officials within the Intelligence Community have testified that U.S. critical infrastructure are enticing targets to malicious actors. Those officials have also warned that, without action, the U.S. remains vulnerable to cyber-attacks that could result in catastrophic damage to public health and safety, economic security, and national security.
The Securing Energy Infrastructure Act aims to remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems. Specifically, it would examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators. This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult. The bill, which was in the 114th Congress, received a hearing in the Senate Energy and Natural Resources Committee in 2016.
This legislation was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid. The Senator’s bill seeks to build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.
More specifically, the legislation would:
Joining Senators King and Risch as original cosponsors of the bill are Senators Susan Collins (R-Maine), Martin Heinrich (D-N.M.), and Mike Crapo (R-Idaho). A companion bill is also being introduced by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.) in the House of Representatives.
To text of the legislation is available HERE.