Plan to Dumb-Down the Power Grid In Name of Cybersecurity Passes Senate – By Aaron Boyd (nextgov.com) / Dec 20 2018
The bill would establish and fund a public-private partnership to look at retro, analog options for securing the nation’s electric grid from digital threats.
A push to secure the nation’s electric power grid from cyberattacks by introducing analog stopgaps and redundancies passed the Senate late Wednesday.
The Securing Energy Infrastructure Act was introduced last year by Sens. Angus King, I-Maine, and Jim Risch, R-Idaho, and approved by the Energy and Natural Resources Committee in March. The bill requires the Energy secretary to establish a two-year pilot program to look at analog, nondigital and physical systems that can be incorporated into the power grid to mitigate the potential effects of a cyberattack—what its authors have called a “retro” approach.
The genesis of the bill came after a 2015 cyberattack in Ukraine took down a significant portion of the country’s energy grid. Operators were able to get the systems back online relatively quickly using human-powered backups.
“For years we’ve seen the danger of cyberattacks grow as bad actors pursue larger and more sophisticated incursions on our vital systems, but the federal government’s response has not matched the severity of these threats,” King said in a statement after the Senate vote. “This commonsense, bipartisan bill is an important step in the right direction, and will help protect America’s critical infrastructure from devastating attacks before they happen.”
The bill gives the secretary 180 days from enactment to establish the program, which would be led by the Energy Department national laboratories in partnership with volunteers from the energy sector—from power stations to manufacturers in the supply chain.
The legislation also calls for the creation of a federal working group to assess the recommendations from the partnership. That 10-member group would include representatives from the departments of Energy, Homeland Security and Defense, the Office of the Director of National Intelligence and the North American Electric Reliability Corporation.
The bill includes a $10 million appropriation for the pilot program and $1.5 million for the working group.
“It’s an interesting approach that people haven’t really thought of this much,” Chris Cummiskey, senior fellow at the George Washington University Center for Cyber and Homeland Security and former Homeland Security undersecretary and chief acquisition officer, told Nextgov when the bill was voted out of committee in March.
“You normally think of technology advancement constantly pushing the envelope and innovating. But to use an analog approach to this to ensure speed to recovery is a different way of doing it, which I don’t think folks have really thought of that much.”
Cummiskey said the energy sector was a particularly good place to try this tactic, as much of that infrastructure is outdated and in need of modernization. But those efforts will take time, he added, and an analog tack could be a good way to bridge the gap.
“From a decision-maker’s standpoint, when I was at Homeland Security, we would talk to the vendors all the time. We’d say, ‘We don’t care what you have to do to get this thing back up and running, just do it,’” he said. “It’s one of these things where, if you think that using older technologies—analog—in order to spin this thing back up is going to be more effective in the short run, then get it done and we’ll go back to the more advanced, digital approaches after you’ve resolved your issues.”
A companion bill was introduced in the House last year but has yet to make it out of committee.