The House has unanimously passed with bipartisan support three bills intended to strengthen the cybersecurity profile of the nation’s electric grid and energy infrastructure.
Two of the three measures were sponsored by Communications and Technology Subcommittee Republican Leader Bob Latta (R-OH) and Rep. Jerry McNerney (D-CA), while a third was backed by Energy Subcommittee Chair Bobby Rush (D-IL) and Rep. Tim Walberg (R-MI).
Here are the three bills passed by the House:
- The Cyber Sense Act of 2020, led by Latta and McNerney, would require the Department of Energy to test the cybersecurity of products and technologies intended for use in the bulk-power system.
- The Enhancing Grid Security through Public-Private Partnerships Act, also sponsored by Latta and McNerney, would direct the Department of Energy to facilitate and encourage public-private partnerships to address security risks of electric utilities.
- The Energy Emergency Leadership Act, backed by Rush and Walberg, would ensure a Senate-confirmed, Assistant Secretary level head of the Energy Department’s vital energy emergency and cybersecurity missions to protect the nation’s energy and electric power systems.
“The COVID-19 pandemic has underscored the importance of stopping supply chain threats, including ensuring the security of our electric grid. From electricity to WiFi, a secure, reliable grid is vital to all Americans,” said Walden and Energy Subcommittee Republican Leader Fred Upton (R-MI), in a joint statement. “We thank our House colleagues for supporting three bipartisan bills that will bolster our energy security and keep our grid safe from cyberattacks, and we urge our Senate colleagues to take swift action to keep our electric grid safe and running.”
While the bills were largely met with approval, taken together they risk compromising the Department of Homeland Security’s (DHS) role as main guardian of the Energy Department’s cybersecurity, said Congressman Bennie Thompson (D-MS), who chairs the House Homeland Security Committee, The Hill reported.
“The problem common to the three measures today is that in their current forms, they risk siloing cybersecurity efforts when it comes to protecting the energy sector, as none of them acknowledges DHS as the coordinating partner to DOE for cybersecurity,” Thompson said. “As a reminder, this is the same infrastructure that has been under sustained, sophisticated attacks by foreign adversaries, some of which have been successful,” he said.
Energy Department officials have pledged to coordinate with DHS officials on cybersecurity issues, The Hill reported.
Siloing has plagued the federal government’s cybersecurity efforts for some time. The lack of a “clear central leader” to coordinate the disparate U.S. cybersecurity programs of 23 federal agencies has hampered the White House’s ability to execute programs that support the nation’s cyber defenses, the Government Accountability Office (GAO) said in a report issued last week.
In early May, President Trump issued an executive order to secure the facilities and control systems necessary to operate the U.S. energy grid. While the order isn’t directed at any new threat it addresses a need to fortify the power system, officials said.