Monday, June 15, 2015

S 1241 Introduced – Enhanced Grid Security Act

Last month Sen. Cantwell (D,WA) introduced S 1241, the Enhanced Grid Security Act. The bill would require the Secretary of Energy to undertake a number of new programs to increase the ‘cyberresilience’ of the Energy Sector.

The bill outlines four major areas where these programs will be concentrated:

Cybersecurity R&D
Component Testing
Support for Cyberresilience Program
Modeling Energy Infrastructure Risk

The bill sets out these program areas with minimal guidance and provides funds ($100 million per year authorization in Section 10) for their execution.

Cybersecurity R&D

Section 4 of the bill would require the Secretary of Energy to carry out a program to:

Develop advanced cybersecurity applications and technologies for the energy sector;
Leverage electric grid architecture as a means to assess risks to the energy sector, including by implementing an all-hazards approach to communications infrastructure, control systems architecture, and power systems architecture;
Perform pilot demonstration projects with the energy sector to gain experience with new technologies; and
Develop workforce development curricula for energy sector-related cybersecurity.

Component Testing

Section 5 of the bill would require the Secretary to establish a program to:

Establish a cyber-testing and mitigation program to identify vulnerabilities of energy sector supply chain products to known threats;
Oversee third-party cyber-testing; and
Develop procurement guidelines for energy sector supply chain components.

Support for Cyberresilience Program

Section 6 requires the Secretary to carry out a program to:

Enhance and periodically test the emergency response capabilities of the Department;
Expand cooperation of the Department with the intelligence communities for energy sector-related threat collection and analysis;
Enhance the tools of the Department and ES-ISAC for monitoring the status of the energy sector;
Expand industry participation in ES-ISAC; and
Provide technical assistance to small electric utilities for purposes of assessing cyber-maturity posture.

Modeling Energy Infrastructure Risk

Section 7 requires the development of an advanced energy security program. This section provides the most complete congressional guidance found in this bill; it even provides a formal purpose of the program {§7(b)}:

“The objective of the program… is to increase the functional preservation of the electric grid operations or natural gas and oil operations in the face of natural and human-made threats and hazards, including electric magnetic pulse and geomagnetic disturbances.”

Then, instead of specifying the activities that will be included in the program, it provides permission to include activities to {§7(c)}:

Develop capabilities to identify vulnerabilities and critical components that pose major risks to grid security if destroyed or impaired;
Provide modeling at the national level to predict impacts from natural or human-made events;
Develop a maturity model for physical security and cybersecurity;
Conduct exercises and assessments to identify and mitigate vulnerabilities to the electric grid, including providing mitigation recommendations;
Conduct research hardening solutions for critical components of the electric grid;
Conduct research mitigation and recovery solutions for critical components of the electric grid; and
Provide technical assistance to States and other entities for standards and risk analysis.

Moving Forward

Sen. Cantwell (D,WA) is the ranking member of the Senate Energy and Natural Resources Committee to which this bill has been referred. This means that there is a decent chance that this bill will be included in Chairwoman Murkowski’s (R,AK) rather extensive energy legislation agenda. This bill may be considered by the Committee before the summer recess, but it is unlikely to make it to the floor of the Senate this year.

