Ramped-up concerns about the security of the U.S. power grid and media reports that said cyberspies had infiltrated it have prompted the introduction of a congressional bill that would increase the authority of the Department of Homeland Security (DHS) and the Federal Energy Regulatory Commission (FERC) to help reduce the grid’s vulnerability.
The Critical Electric Infrastructure Protection Act, introduced Thursday by Homeland Security and Governmental Affairs Committee Chairman Sen. Joe Lieberman (I-Conn.), would amend the 1935 Federal Power Act to provide “additional legal authorities to adequately protect the critical electric infrastructure against cyberattack” and give FERC 120 days of its enactment of interim cybersecurity standards to replace existing—and seemingly inadequate—guidelines.
Two years ago, the DHS helped to discover serious cyber vulnerabilities in the control systems that help support the electric grid. As FERC and the DHS worked with the private sector to mitigate this vulnerability, it became apparent that the federal government did not have adequate authority to protect the nation’s electricity supply from tampering or attack, Lieberman said in a statement last week.
The bill would give FERC additional authority to develop recommendations to fix vulnerabilities detected and reported by the DHS. It would also direct FERC, after notification from the DHS, to issue rules or orders to protect critical electric infrastructure from a vulnerability or threat, and, if the threat is imminent, to issue an emergency rule or order without prior notice or hearing.
Additionally, it would make emergency rules or orders issued by FERC effective for up to 90 days, unless the rule or order is opened to comment, and FERC subsequently affirmed, amended, or repealed the rule or order. Sensitive information submitted to FERC by the private sector would be treated as Protected Critical Infrastructure Information (as defined in the Homeland Security Act).
Under the bill, the DHS would also conduct an investigation to determine if the security of federally owned critical electric infrastructure had been compromised. The investigation would focus on the extent of compromise, identification of attackers, method of penetration, ramifications of compromise, and recommended mitigation activities.
Companion legislation was introduced in the House by Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and Ranking Member Peter King (R-N.Y.).
The Lieberman-Thompson bill is but one of several cybersecurity-related proposals expected to be introduced this year. Earlier this month, Sens. Olympia Snowe (R-Maine) and Jay Rockefeller (D-W.Va.) offered legislation that would give the federal government new powers to develop and enforce baseline cybersecurity standards for the private and public sectors.
The Obama administration, meanwhile, is preparing to discuss details of a 60-day cybersecurity review. The review will reveal a plan for updating laws and government policies to deal with the cybersecurity threat.
Sources: Sen. Joe Lieberman, NERC