With hackers taking aim at America’s electric grid, including nuclear plants, Maine’s two senators are pushing legislation they hope will keep the lights on.
“Time is running out” to improve the system, said U.S. Sen. Angus King, a Maine independent who serves on the Senate Intelligence Committee. “It’s vital that we act now to bolster the grid’s cyber defenses or we risk a potentially catastrophic attack.”
“Over the past four years, we have had dozens — if not hundreds — of warnings of cyberattacks against critical infrastructure,” King said during a congressional hearing.
“What we’re looking at now is the longest windup for a punch in world history,” he said. “We know it’s coming. We just don’t know where and when, and the risks are enormous.”
U.S. Sen. Susan Collins, a Maine Republican, is among the five senators backing the Securing Energy Infrastructure Act introduced by King and U.S. Sen. Jim Risch, R-Idaho.
The bill would set up a two-year pilot program to look for security vulnerabilities in the energy sector and to figure out how the Department of Energy can isolate the nation’s power grid from attacks.
The issue has taken on a new urgency with the revelation this month by the Department of Homeland Security and the Federal Bureau of Investigation that hackers penetrated energy company computer networks, including one operating a Kansas nuclear power plant.
The attacks apparently had no operational impact. But they renewed official interest in the security of energy company computers.
It’s not a new threat.
"Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict," the classified federal report said, according to Reuters.
President Donald Trump issued an executive order May 11 requiring his energy and homeland security secretaries to provide him with a report within 90 days about the risk for “a prolonged power outage associated with a significant cyber incident” as well as the country’s readiness to respond to one.
The president also ordered the departments to look at “any gaps or shortcomings in assets or capabilities” needed to mitigate the consequences of any cyberattack on the power grid.
King said in pushing his bill that there is “no single solution to this problem. What we’re talking about here is not rebuilding or re-engineering the entire grid, but, instead, we’re asking if there are some back-to-the-future answers, at critical points, that might protect us from the kind of attack we know is coming.”
“I don’t want to go home to my constituents in the middle of a blackout and say, ‘Well, we might have gotten to this but we had different committees and jurisdictions and we couldn’t quite get at it in the conference committee.’ That isn’t going to cut it. I think this qualifies as an emergency, and I hope we can act promptly,” King said.
King’s office said the measure “was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyberattack on that country’s power grid led to more than 225,000 people being left in the dark.”
The impact of the attack in Ukraine was lessened by the country’s reliance on manual technology that let it isolate the most important control systems of its power grid, an idea that King said the U.S. might want to copy.
“The continued threats against our critical energy infrastructure systems in the United States require investments that will help enable our nation to achieve a sustainable advantage in critical infrastructure and control systems security,” Risch said in a prepared statement.
Collins has been pressing for beefed-up cybersecurity measures for years.
The Senate Energy and Natural Resources Subcommittee on Energy is studying the measure, first introduced last year, when the Senate failed to act on it.