Critical infrastructure
News
Utilities: Energy & Power, Water, Waste

New legislation to boost America’s electric grid security, support cyber tech

May 05, 2021
electric grid security

A group of US senators have come together to introduce bipartisan legislation that will boost electric grid security by incentivizing electric utilities to make investments in cybersecurity. The bill also establishes a Department of Energy (DOE) grant and technical assistance program for the deployment of advanced cybersecurity technology for utilities that are not regulated by the Federal Energy Regulatory Commission (FERC).

The bill titled, S. 1400, ‘Protecting Resources On The Electric grid with Cybersecurity Technology’ (PROTECT) Act, was reintroduced by Senator Lisa Murkowski, a Republican from Alaska, along with Senators Joe Manchin, a Democrat from West Virginia, James Risch, a Republican from Idaho, Angus King, an Independent from Maine, and Jacky Rosen, a Democrat from Nevada. 

The bill directs that in less than six months after the date of enactment, the Commission shall work in consultation with the Secretary of Energy, the North American Electric Reliability Corporation (NERC), electricity sub-sector coordinating council, and the National Association of Regulatory Utility Commissioners (NARUC) to conduct a study that identifies incentive-based and performance-based rate treatments for the transmission and sale of electric energy subject to the jurisdiction of the Commission that could be used to encourage investment by public utilities in advanced cybersecurity technology, and participation by public utilities in cybersecurity threat information sharing programs.

The bill directs FERC to issue rule-making on rate incentives for advanced electric grid security technology. This will enable and incentivize utilities to invest in new technologies that improve their cybersecurity defenses. It also establishes a grant and technical assistance program at DOE to deploy advanced cybersecurity technology on the electric systems of utilities that are not regulated by FERC. Such exceptions would include cooperatives and municipal utilities, as well as small investor-owned utilities that sell less than 4 million megawatt-hours of electricity per year.

“The federal government and industry have a shared responsibility to enhance the cybersecurity posture of electric utilities, municipal utilities, and electric utility systems owned by electric cooperatives to protect our electric grid from cyber threats.” said Senator Murkowski in a press statement. “The PROTECT Act will help ensure utilities across America, including municipal utilities and electric cooperatives, are able to continue investing in advanced, cutting-edge cybersecurity technologies, while also strengthening the partnership between private industry and the federal government.”

“The reliability and resilience of our electric grid goes hand-in-hand with the economic and national security of the United States, so it’s critical that we’re two steps ahead in planning for unexpected events and threats,” said Senator Manchin, chairman of the Senate Energy and Natural Resources Committee. “The PROTECT Act would create incentives for utilities to enhance their cybersecurity efforts and increase their resilience to attacks.”

Senator King has repeatedly stressed the importance of improving protections for the nation’s electric grid security. Earlier this year, he and Senator Risch led a bipartisan letter voicing support for the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and urging the Department of Energy to maintain CESER’s current leadership structure. 

Senators King and Risch also authored the Securing Energy Infrastructure Act, which was passed as part of the FY2020 National Defense Authorization Act, and established partnerships to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the electric grid through holes in digital software systems.

The nation’s electric grid security and infrastructure also recently got a major boost from the Biden administration as it decided on new steps to protect electrical operators from increasing cyber threats. 

About a fortnight back, the U.S. government announced a 100-day plan that will modernize critical electric infrastructure using cybersecurity defenses with aggressive milestones, and assist owners and operators to deliver better detection, mitigation, and forensic capabilities. The plan will help meet cybersecurity threats faced by the nation’s electric system, apart from seeking feedback from stakeholders on protecting the critical electric infrastructure.

In recent weeks, a number of bills have been introduced in the U.S. Senate, to enhance the nation’s cybersecurity shields, as it bolsters its critical infrastructure sector. One bill aims to create a ‘response and recovery’ fund to help public and private entities respond to and recover from cyberattacks. The other bill intends to help ensure that the Department of Homeland Security (DHS) is identifying and addressing risks to critical infrastructure. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved