September 13, 2016
The power goes out. Is a storm or downed line to blame for the power outage? No—an attack by a malicious hacker is the cause.
Your local power grid may not seem like a likely target for cyber hackers, but cybersecurity threats are an all-too-real risk for many buildings and electric grids connected to the Internet. According to a U.S. Department of Homeland Security report, although “the energy sector only represents 5-6 percent of U.S. GDP, the energy industry is subject to roughly 32 percent of all cyberattacks.”
In response to this vulnerability, the Senate recently passed a comprehensive energy reform bill that, among a number of other things, would establish a mechanism for dealing with cybersecurity threats to the electric grid. The bill, the Energy Policy Modernization Act of 2016, would designate the U.S. Department of Energy as the agency responsible for protecting the grid from cybersecurity threats.
This bill would also expand the Secretary of Energy’s authority under the Fixing America’s Surface Transportation (FAST) Act, which took effect in December 2015. The FAST Act established the Secretary’s power to address power grid security emergencies. The Senate’s bill, however, would clarify and extend this authority to include cybersecurity threats.
Under the Senate bill, the President would determine when a hacker’s attack on an electrical grid necessitates “immediate action.” After that determination, the Secretary of Energy would have the authority to intervene, ordering power companies to protect the power system as well as directing them how to do so. These emergency orders from the Secretary would be able to be given without prior notice and could remain in effect for up to 30 days, although in some circumstances they could be amended to last for as long as 90 days. To preempt financial concerns from energy companies and their shareholders, the bill contains provisions allowing companies to recoup the costs for actions ordered by the Secretary.