The electric grid system that keeps the United States humming is worth more than $1 trillion and keeps the lights on for more than 300 million Americans. But recent reports have suggested it's also increasingly vulnerable to cyberattacks as utilities tie grid-monitoring control systems to open networks like the Internet.
(AP/Lauren Victoria Burke)
Federal regulators have complained they do not have enough authority over the electric grid networks. Now, in the wake of news of grid infiltrations by Chinese and Russian spies, some members of Congress are prepared to hand them that power.
Matching bills were introduced in the House and the Senate on Thursday to increase the authority of the Department of Homeland Security and the Federal Energy Regulatory Commission to secure the electric grid. The bills were introduced by Senator Joe Lieberman, I-Conn., and Rep. Bennie Thompson, D-Miss., who chair the Homeland Security committees in their respective chambers.
"Our cybersystems are under constant attack," Lieberman said in a statement. "We rely on cyberspace for so much of what is at the heart of our way of life, and our systems are not protected. We are focusing on the electricity cyberstructure today because electricity is what so many critical sectors of the economy depend upon."
Utilities are already expected to comply with mandatory cybersecurity standards, but regulators have reported that utilities are likely downplaying the critical nature of their infrastructure, in order to avoid compliance with the rules.
The legislation addresses that by giving FERC, DHS, and other national security agencies the authority to determine which physical or cyber assets should be deemed "critical electric infrastructure." The bill clarifies that "critical" infrastructure should refer to networks that are so vital to the United States that their incapacity would cause signficant harm to the country's security, the economy, or public health at a national or regional level.
It also would enable FERC to issue rules or orders to protect critical electric infrastructure against threats – including emergency orders, which could be issued without prior notice if FERC determines an order is needed immediately to protect the grid from an imminent threat. Emergency orders would remain in place for 90 days, unless FERC opened them up to public comment.
In addition, the legislation calls for FERC and the DHS Secretary to establish within 120 days of the bill's enactment interim measures to protect the electric grid.
The DHS would also be responsible for more oversight of grid protection programs. The legislation would require the department to conduct research to determine if the security of critical electric infrastructure has been compromised and to report its findings to Congress. The department would also have to produce regular reports with recommendations for creating a collective domestic response to a cyber attack by a terrorist, nation-state or person.
The legislation comes as the Obama administration is pushing through stimulus spending smart-grid development, which would connect the electric grid to more networks.