This week, the House of Representatives passed two bipartisan bills authored by Congressman Bob Latta (R-OH5) and Jerry McNerney (D-CA9). H.R. 2931, the Enhancing Grid Security through Public-Private Partnerships Act, and H.R. 2928, the Cyber Sense Act, each work to bolster the United States’ electric infrastructure by encouraging coordination between the Department of Energy (DOE) and electric utilities.
Watch Congressman Latta speak on Enhancing Grid Security through Public-Private Partnerships Act on the House floor here.
The United States has experienced a new wave of cyber-attacks on our critical infrastructure. In December of last year, the cybersecurity firm FireEye published research that a malicious actor was exploiting a supply chain vulnerability in SolarWinds’ products to hack into government and private sector information technology (IT) networks. This May, the Colonial Pipeline Company announced it was forced to halt its pipeline operations due to a ransomware attack, which disrupted critical supplies of gasoline and other refined products throughout the Southeast and East Coast.
The Enhancing Grid Security through Public-Private Partnerships Act directs DOE to facilitate and encourage public-private partnerships to improve cybersecurity of electric utilities. The legislation would improve sharing of best practices and data collection, along with providing training and technical assistance to electric utilities to address and mitigate cybersecurity risks.
On Monday, July 19, 2021, the House passed the Enhancing Grid Security through Public-Private Partnerships Act by unanimous consent.
Watch Congressman Latta speak on the Cyber Sense Act on the House floor here.
The SolarWinds attack exposed a vulnerability in American supply chains. This should serve as a wake-up call to the energy sector. Similar attacks on products used in grid operators’ IT networks could go undetected and, when exposed, result in the costly process of disabling and removing said products from operation. Having a program that would allow for the testing of a product’s cybersecurity would help grid operators share information and maintain coordination with the federal government to keep pace with evolving cybersecurity threats.
The Cyber Sense Act would create a voluntary DOE “Cyber Sense” program that would identify and promote cyber-secure products for use in the bulk-power system. The bill also establishes a testing process for the products along with a reporting process of cybersecurity vulnerabilities. It creates a database at the DOE to track products and help provide more information on cyber weaknesses for electric utilities and their potential to cause harm to the electric grid. This would aid electric utilities that are evaluating products and their potential to cause harm to the electric grid.
Today on Tuesday, July 20, 2021, the House passed the Cyber Sense Act.