Securing Energy Infrastructure Act would adopt “retro” approach to safeguard against 21st century threat

King, Risch, Heinrich, Collins Introduce Legislation to Protect Electric Grid from Cyber-Attacks

WASHINGTON, D.C. – U.S. Senators Angus King (I-Maine), Jim Risch (R-Idaho), Martin Heinrich (D-N.M.), and Susan Collins (R-Maine), all members of the Senate Intelligence Committee, today introduced legislation aiming to protect critical U.S. energy infrastructure from potentially catastrophic cyber-attacks. The Securing Energy Infrastructure Act of 2016 would examine solutions to defend the U.S. energy grid by replacing key devices like computer-connected operating systems that are vulnerable to cyber-attacks with analog and human-operated systems – a “retro” approach that has shown promise as a safeguard against cyber-attacks.

“The United States is one of the most technologically-advanced countries in the world, which also means we’re one of the most technologically-vulnerable countries in the world. In fact, right now there are hackers across the globe working to exploit weaknesses in the digital systems that help run critical infrastructure like our electric grid. And a successful attack could have catastrophic consequences,” Senator King said. “That’s why we need to act now – and by looking to the past, we may be able to develop ways to thwart the sophisticated cyber-attacks of the future. Our legislation would reengineer the last-mile of the energy grid to isolate its most important systems, and in doing so, help defend it from a devastating blow that could cut off electricity to millions of people across the country.”

“Protecting our critical energy infrastructure systems is one of the most pressing security challenges facing the United States today,” said Senator Risch. “The continual emergence of threats and vulnerabilities to digital systems has created significant weaknesses that require a large-scale, national effort to address, which is the intent of this legislation. The Idaho National Lab has the unique assets and expertise needed to drive the innovations this legislation aims to create and we are fortunate to have their leadership on this critical issue.”

“Cybersecurity is one of the most serious economic and national security challenges we face as a nation. The future of warfare is moving further away from the battlefield and closer to the devices and the networks everyday citizens depend on,” said Senator Heinrich. “Protecting our nation from malicious cyber actors requires a comprehensive approach, and keeping our energy infrastructure secure is central to that. I am especially proud that this legislation would rely on Sandia National Labs’ expertise in providing technology solutions and developing a national strategy to isolate the energy grid from cyber attacks.”

“As cyber-attacks become increasingly common, Congress must take action to better protect the critical infrastructure our nation depends upon,” said Senator Collins.  “As experts continue to tell us, it is not a matter of if a cyber attack aimed at our critical infrastructure occurs, but when. This bill, along with other cybersecurity measures passed by Congress and under consideration before the Senate, can make a real contribution in strengthening our defenses against this dangerous threat.”

Top officials within the Intelligence Community have testified that U.S. critical infrastructure are enticing targets to malicious actors. Those officials have also warned that, without action, the U.S. remains vulnerable to cyber-attacks that could result in catastrophic damage to public health and safety, economic security, and national security.

This bill would examine ways to replace automated systems with manual procedures controlled by human operators to remove vulnerabilities that could allow cyber-criminals to access the grid through holes in digital software systems. This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult.

The potential for this approach was evident in the December 2015 cyber-attack on Ukraine’s power grid during which sophisticated cyber-attack techniques were used to plunge more than 225,000 people into darkness. According to the Department of Homeland Security, the cyber-attack was coordinated to target the Ukrainian power grid’s industrial control systems, which act as the intermediary between computers and the switches that distribute electricity. The attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid. The legislation seeks to build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.

More specifically, the legislation would:

  • Establish a two-year pilot program within the National Laboratories to study covered entities and identify new classes of security vulnerabilities, and research and test technology – like analog devices – that could be used to isolate the most critical systems of covered entities from cyber-attacks.
  • Require the establishment of a working group to evaluate the technology solutions proposed by the National Laboratories and to develop a national cyber-informed strategy to isolate the energy grid from attacks. Members of the working group would include federal government agencies, the energy industry, a state or regional energy agency, the National Laboratories, and other groups with relevant experience.
  • The Secretary of Energy is required to submit a report to Congress describing the results of the program, assessing the feasibility of the techniques considered, and outlining the results of the working groups’ evaluation.
  • Define “covered entities” under the bill as segments of the energy sector that have already been designated as entities where a cyber-security incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security.

To read the text of the legislation, click HERE.