Wednesday, July 20, 2011

S 1342 Introduced – Bulk Power Cybersecurity

Last week Sen. Bingamen (D, NM), the Chairman of the Energy and Natural Resources Committee, introduced S 1342, the Grid Cyber Security Act. When introduced the bill was accompanied by the Report from his Committee favorably reporting this bill. (NOTE: the actual bill is not yet available from the GPO but the Committee Report is. Makes sense huh? BTW: The report includes the text of the bill.) This means that this bill could be considered by the Senate at any time as committee actions are now complete.

This bill would amend the Federal Power Act to expand the official definition of what electrical infrastructure would be covered by cyber security rules. A new §224 would define the term ‘critical electric infrastructure’ that would include physical and virtual assets involved in the ‘generation, transmission, or distribution of electric energy’. The critical factor determining coverage would be the requirement that the incapacitation or destruction of the assets would “have a debilitating impact on national security, national economic security, or national public health or safety” {§224(a)(1)}.

The bill would have the Federal Energy Regulatory Commission (FERC) determine if current §215 reliability standards are adequate to protect the critical electric infrastructure from cyber security vulnerabilities. Those vulnerabilities are defined as “a weakness or flaw in the design or operation of any programmable electronic device or communication network that exposes critical electric infrastructure to a cyber security threat” {§224(a)(5)}. Unless FERC specifically determines that the current standards are adequate, they will be required to order the Electric Reliability Organization (ERO) to update those standards within 180 days.

There are no specific requirements for security for control systems in this bill; it leaves the establishment of those requirements to the ERO.

BTW: It would help spell checkers everywhere if Congress would decide if ‘cyber security’ was one word or two. I vote for a single word – cybersecurity.

No comments:

/* Use this with templates/template-twocol.html */