The United States Senate has passed a bill to help strengthen the defenses of the U.S. energy grid against digital attacks.
On 27 June, the Senate passed the Securing Energy Infrastructure Act. Introduced by U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho), the main purpose of the bipartisan bill is to remove security vulnerabilities which digital attackers can abuse to access the U.S. energy grid. It seeks to do this by implementing several steps, including:
- Creating a two-year pilot program within the National Laboratories that will partner with entities in the energy sector to identify security vulnerabilities as well as evaluate technology and standards to protect covered industrial control systems against those vulnerabilities.
- Establishing a working group to evaluate the technology and standards used in the program as well as develop a strategy to defend energy sector entities against security vulnerabilities.
- Submit reports that present the results of the program.
According to a press release published by Senator King, he and four other co-sponsors received their inspiration to create the bill from Ukraine's experience with BlackEnergy in 2015. On 23 December 2015, the malware caused interference in some computer systems' functionality at the western Ukrainian power company Prykarpattyaoblenergo. This interference ultimately caused a power outage that affected an area including the regional capital Ivano-Frankivsk. Reflecting on this incident, Senator King said that the world's growing connectivity creates opportunities which, if abused by digital attackers, can serve as a weakness. As quoted in his press release:
This bill takes vital steps to improve our defenses, so the energy grid that powers our lives is not open to devastating attacks launched from across the globe. It’s bipartisan, it’s commonsense, and it’s necessary – I’m glad that the Senate has advanced this important legislation.
In the meantime, Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.) have introduced a companion bill in the House of Representatives. The Securing Energy Infrastructure Act highlights how all energy entities, as well as all organizations with industrial control systems, should strengthen their defenses against digital threats. One way they can do this is by investing in a solution that helps them discover all assets connected to their network and monitor their network for potential problems. Learn how Tripwire can help.