In the wake of recent reports describing the electric grid's vulnerabilities to hackers, two members of the U.S. Congress have introduced legislation giving federal regulators more authority to combat that possible threat.
The electric grid system that keeps the United States humming is worth more than $1 trillion and keeps the lights on for more than 300 million Americans. Federal regulators have complained they do not have enough authority over the electric grid networks, which recent reports have suggested may be vulnerable to infiltrations by Chinese and Russian spies--a new concern as utilities tie grid-monitoring control systems to open networks like the Internet.
Matching bills were introduced in the House and the Senate on Thursday to increase the authority of the Department of Homeland Security and the Federal Energy Regulatory Commission to secure the electric grid. The bills were introduced by Sen. Joe Lieberman (I-Conn.) and Rep. Bennie Thompson (D-Miss.), who chair the Homeland Security committees in their respective chambers.
"Our cybersystems are under constant attack," Lieberman said in a statement. "We rely on cyberspace for so much of what is at the heart of our way of life, and our systems are not protected. We are focusing on the electricity cyberstructure today because electricity is what so many critical sectors of the economy depend upon."
Utilities are already expected to comply with mandatory cybersecurity standards, but regulators have reported that utilities are likely downplaying the critical nature of their infrastructure to avoid compliance with the rules.
The legislation addresses that by giving FERC, DHS, and other national security agencies the authority to determine which physical or cyber assets should be deemed "critical electric infrastructure." The bill clarifies that "critical" infrastructure should refer to networks that are so vital to the United States that their incapacity would cause significant harm to the country's security, the economy, or public health at a national or regional level.
It also would enable FERC to issue rules or orders to protect critical electric infrastructure against threats--including emergency orders, which could be issued without prior notice if FERC determines an order is needed immediately to protect the grid from an imminent threat. Emergency orders would remain in place for 90 days, unless FERC opened them up to public comment.
In addition, the legislation calls for FERC and the DHS Secretary to establish within 120 days of its enactment interim measures to protect the electric grid.
The DHS would also be responsible for more oversight of grid protection programs. The legislation would require the department to conduct research to determine if the security of critical electric infrastructure has been compromised and to report its findings to Congress. The department would also have to produce regular reports with recommendations for creating a collective domestic response to a cyberattack by a terrorist, nation-state or person.
The legislation comes as the Obama administration is pushing through stimulus spending smart-grid development, which would connect the electric grid to more networks.