Washington, D.C. – Today, U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho) applauded the House of Representatives’ passage of the Securing Energy Infrastructure Act, a bipartisan bill mirroring the Senate legislation introduced by the two Senators – both of whom serve on the Senate Intelligence Committee and Senate Committee on Energy and Natural Resources. The legislation aims to establish a program to identify ways to simplify our critical infrastructure systems, thereby limiting opportunities for cyber-attacks and improving our ability to defend those systems.
The House version, introduced by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.), was successfully added as an amendment to the House’s Intelligence Authorization Act (IAA) last night by a voice vote; the Senate’s version of the IAA, which passed last month, also included the Senators’ bill. The Senate version of the Securing Energy Infrastructure Act was also cosponsored by Senators Susan Collins (R-Maine), Martin Heinrich (D-N.M.), and Mike Crapo (R-Idaho).
“Protecting our critical infrastructure from potential cyberattacks is of the utmost importance, and the time to act is now,” said Senator Risch. “I’ve been proud to work with Senator King on this bill to put our national laboratories, including the Idaho National Lab, at the helm of efforts to secure the integrity of our energy infrastructure systems. I applaud the House for advancing this legislation and look forward to seeing it signed into law.”
“America is among the most connected nations in the world, which gives us incredible new opportunities – but also unprecedented and dangerous new vulnerabilities,” said Senator King. “We need to improve our defenses, so the electric grid that powers our lives can’t be crippled by a cyber-attack launched from across the globe. Senator Risch and I have pushed for years to enact this commonsense and vitally important legislation; with the House’s passage of our bill, we are one step closer to taking this necessary step to protect the American people.”
“The threat of a potentially devastating cyber-attack grows greater with each passing day. It is important that we take commonsense steps now to eliminate vulnerabilities and protect our energy infrastructure from future disruption,” said Senator Collins. “This bipartisan, bicameral bill takes a proactive approach to ensure our electric grid is secure from attacks by foreign adversaries.”
The Securing Energy Infrastructure Act aims to identify ways to remove vulnerabilities that could allow hackers to access the energy grid through holes in digital software systems. Specifically, this approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult. This legislation was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark.
More specifically, the legislation would:
- Establish a two-year pilot program within the National Laboratories to study covered entities and identify new classes of security vulnerabilities, and research and test technology that could be used to isolate the most critical systems of covered entities from cyber-attacks.
- Require the establishment of a working group to evaluate the technology solutions proposed by the National Laboratories and to develop a national cyber-informed strategy to isolate the energy grid from attacks. Members of the working group would include federal government agencies, the energy industry, a state or regional energy agency, the National Laboratories, and other groups with relevant experience.
- Require the Secretary of Energy to submit a report to Congress describing the results of the program, assessing the feasibility of the techniques considered, and outlining the results of the working groups’ evaluation.
- Define “covered entities” under the bill as segments of the energy sector that have already been designated as entities where a cyber-security incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security.
# # #