Last month Sen. Cantwell (D,WA) introduced S 1241,
the Enhanced Grid Security Act. The bill would require the Secretary of
Energy to undertake a number of new programs to increase the ‘cyberresilience’
of the Energy Sector.
The bill outlines four major areas where these programs will
be concentrated:
∙ Cybersecurity R&D
∙ Component Testing
∙ Support for Cyberresilience Program
∙ Modeling Energy Infrastructure Risk
The bill sets out these program areas with minimal guidance
and provides funds ($100 Million per year authorization in Section 10) for
their execution.
Cybersecurity R&D
Section 4 of the bill would require the Secretary of Energy
to carry out a program to:
∙ Develop advanced cybersecurity applications and technologies for
the energy sector;
∙ Leverage electric grid architecture as a means to assess risks to
the energy sector, including by implementing an all-hazards approach to communications
infrastructure, control systems architecture, and power systems architecture;
∙ Perform pilot demonstration projects with the energy sector to
gain experience with new technologies; and
∙ Develop workforce development curricula for energy sector-related
cybersecurity.
Component Testing
Section 5 of the bill would require the Secretary to
establish a program to:
∙ Establish a cyber-testing and mitigation program to identify
vulnerabilities of energy sector supply chain products to known threats;
∙ Oversee third-party cyber-testing; and
∙ Develop procurement guidelines for energy sector supply chain
components.
Support for Cyberresilience Program
Section 6 requires the Secretary to carry out a program to:
∙ Enhance and periodically test the emergency response capabilities
of the Department;
∙ Expand cooperation of the Department with the intelligence
communities for energy sector-related threat collection and analysis;
∙ Enhance the tools of the Department and ES-ISAC for monitoring
the status of the energy sector;
∙ Expand industry participation in ES-ISAC; and
∙ Provide technical assistance to small electric utilities for
purposes of assessing cyber-maturity posture.
Modeling Energy Infrastructure Risk
Section 7 requires the development of an advanced energy
security program. This section provides the most complete congressional
guidance found in this bill; it even provides a formal purpose of the program {§7(b)}:
“The objective of the program… is
to increase the functional preservation of the electric grid operations or
natural gas and oil operations in the face of natural and human-made threats
and hazards, including electric magnetic pulse and geomagnetic disturbances.”
Then, instead of specifying the activities that will be
included in the program, it provides permission to include activities to {§7(c)}:
∙ Develop capabilities to identify vulnerabilities and critical
components that pose major risks to grid security if destroyed or impaired;
∙ Provide modeling at the national level to predict impacts from
natural or human-made events;
∙ Develop a maturity model for physical security and cybersecurity;
∙ Conduct exercises and assessments to identify and mitigate
vulnerabilities to the electric grid, including providing mitigation recommendations;
∙ Conduct research hardening solutions for critical components of
the electric grid;
∙ Conduct research mitigation and recovery solutions for critical
components of the electric grid; and
∙ Provide technical assistance to States and other entities for
standards and risk analysis.
Moving Forward
Sen. Cantwell (D,WA) is the ranking member of the Senate Energy
and Natural Resources Committee to which this bill has been referred. This
means that there is a decent chance that this bill will be included in
Chairwoman Murkowski’s (R,AK) rather extensive energy legislation agenda. This
bill may be considered by the Committee before the summer recess, but it is
unlikely to make it to the floor of the Senate this year.