House passes bills to secure energy sector against cyberattacks

The House on Tuesday unanimously passed four bills aimed at securing the power grid and other energy infrastructure against cyberattacks.

All four of the bipartisan bills were approved by voice vote, and supported by the leaders of the House Energy and Commerce and House Science, Space, and Technology panels. 

The Cyber Sense Act, primarily sponsored by Reps. Bob Latta (R-Ohio) and Jerry McNerney (D-Calif.), would require the secretary of Energy to establish a program to test the cybersecurity of products intended to be used in the bulk power system. 

Latta and McNerney are the primary sponsors of a second piece of legislation passed Tuesday, the Enhancing Grid Security Through Public-Private Partnerships Act, which would require the Department of Energy to establish a program to enhance the cyber and physical security of electric utilities, along with issuing a report on ways to enhance security to address threats. 

A third bill approved, the Energy Emergency Leadership Act, would enhance leadership at the Department of Energy on cybersecurity missions to protect the nation’s energy infrastructure. Reps. Bobby Rush (D-Ill.) and Tim Walberg (R-Mich.) are the main sponsors. 

“This legislation and the two bills that will follow it are bipartisan bills that will help protect our grid from cyberattacks,” House Energy and Commerce Committee Chairman Frank Pallone (D-N.J.) said on the House floor Tuesday while speaking in favor of the Energy Emergency Leadership Act. 

Committee ranking member Greg Walden (R-Ore.), along with energy subcommittee ranking member Fred Upton (R-Mich.), both applauded the passage of the bills. 

“The COVID-19 pandemic has underscored the importance of stopping supply chain threats, including ensuring the security of our electric grid,” Walden and Upton said in a joint statement. “From electricity to WiFi, a secure, reliable grid is vital to all Americans. We thank our House colleagues for supporting three bipartisan bills that will bolster our energy security and keep our grid safe from cyberattacks, and we urge our Senate colleagues to take swift action to keep our electric grid safe and running.”

While there was general bipartisan support for the bills, House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) raised concerns on the House floor Tuesday that the three measures would undermine the Department of Homeland Security’s (DHS) leadership position on federal cybersecurity issues. 

“The problem common to the three measures today is that in their current forms, they risk siloing cybersecurity efforts when it comes to protecting the energy sector, as none of them acknowledges DHS as the coordinating partner to DOE for cybersecurity,” Thompson said. “As a reminder, this is the same infrastructure that has been under sustained, sophisticated attacks by foreign adversaries, some of which have been successful.

“While cyberattacks against the energy sector have accelerated, the sector does not exist in a vacuum,” he added. 

Pallone was quick to assert that Energy Department officials have pledged to coordinate with DHS officials on cybersecurity issues, and that the bills would not take away any cybersecurity authority from DHS. 

“Nothing in these bills actually affects in any way, shape or form the existing authorities or prerogatives of the Department of Homeland Security or its secretary in any way, any interpretation to the contrary is simply incorrect,” Pallone said. 

A fourth bill, the Grid Security Research and Development Act sponsored by Reps. Ami Bera (D-Calif.) and Randy Weber (R-Texas), was also unanimously passed by the House on Tuesday. 

The legislation, approved by the House Science, Space, and Technology Committee earlier this year, would strengthen the ability of the energy sector to respond to cyber and physical threats, such as wildfires. 

“As the grid and other forms of critical infrastructure become more digitized, the risk that cyberattacks will shutdown federal systems has increased and in some cases these attacks can even cause physical damage to the grid,” Bera said on the House floor Tuesday while advocating passage of the bill. 

All four bills now move to the Senate for consideration.

The measures were approved as cyber targeting of the grid becomes an issue of increasing concern. 

Last year, a successful denial of service cyberattack on a Western utility caused a grid disruption, while officials warned the Senate Energy and Natural Resources Committee last month that the COVID-19 pandemic had exposed critical infrastructure to greater cyber risks.