WASHINGTON, D.C. — Idaho Republican Sen. Jim Risch says it’s time for a retro approach to protect the nation’s power grid, relying more on humans and less on sophisticated technology as a way to thwart hackers.
“I’m convinced that the next huge incident in the United States — not a big incident, but a huge incident — is going to be a cybersecurity incident,” Risch, a senior member of the Senate Committee on Intelligence, said in an interview. “And as a result of that, we need to be vigilant as far as preparing to defend against the attacks.”
Risch said the U.S. should heed the lesson of the 2015 cyberattack on Ukraine’s power grid: While it left more than 225,000 people without electricity, he said that hackers were prevented from doing even more damage because they couldn’t gain physical access to all of the controls, with some of them manually operated by real people.
“Sometimes we do better than the robots,” Risch said.
Risch and Independent Sen. Angus King of Maine, another member of the intelligence committee, want Congress to pass a $10 million bill that would create a two-year pilot program to investigate more low-tech approaches that might frustrate hackers.
“More than a year has passed since we saw Ukraine plunged into darkness as a result of a cyberattack that cut electricity to hundreds of thousands of people,” King said. “Meanwhile, here in the United States, we have been too slow to take meaningful action to protect ourselves from similar attacks.”
Under the bill, the U.S. Department of Energy’s National Laboratories would take the lead in coming up with new ways to protect the nation’s energy grid.
The Idaho National Laboratory is eager to participate in the project, said Brent Stacey, the former associate laboratory director of its National and Homeland Security Directorate and now a senior adviser to the lab.
“The hackers are always going to know more about the digital environment, it’s just moving so quickly,” Stacey said. “But we as infrastructure owners in this country are going to know more about our engineering and our processes.”
In November, the Idaho lab announced that its power grid was already being transitioned “to a more adaptive architecture to enable greater flexibility in testing new ideas and technologies.”
Stacey said one of the lessons of the attack on the Ukraine grid is to make sure that remote access to any digital system is secure and to find a middle ground in relying on manual controls and the fast pace of automation.
Risch said Ukraine partially thwarted the attack on its grid only because “they were not as sophisticated as the rest of the world today” and had to rely on humans to operate part of their system.
He said he wants to send a clear message to cybersecurity and intelligence experts as they look for new ways to prevent a blackout: “Don’t overlook something simply because it’s low-tech.”
Risch and King said their bill, The Securing Energy Infrastructure Act, has backing from Republicans and Democrats alike, improving its chances of passage this year.
The bill received a hearing last summer before the Senate Committee on Energy and Natural Resources’ subcommittee on energy but then went nowhere before Congress adjourned.
“We should have gotten this thing through last year, but things bogged down politically — this is a bipartisan piece of legislation,” Risch said.
King said he hopes to “advance it quickly in the new Congress.” So far, the bill has attracted three other cosponsors: Republican Sens. Mike Crapo of Idaho and Susan Collins of Maine and Democratic Sen. Martin Heinrich of New Mexico.
Risch said the senators could have a major ally in President Donald Trump, who last month signaled his intent to make protection of the U.S. electrical grid a top issue. Trump had been set to sign an executive order that called for improving the nation’s cybersecurity but then postponed it.
The House is examining the issue, too.
At a hearing earlier this month, Rep. Frank Pallone of New Jersey, the top Democrat on the House Energy and Commerce Committee, called the attack on the Ukraine grid “premediated and well-choreographed,” taking down backup power supplies and jamming phone lines in an attempt to prevent operators from understanding the extent of the damages. And he said members of Congress “owe it to the American people” to ask whether a similar attack could be replicated in the United States.
“If Russia hacked our election, what’s to stop them from hacking our electricity grid?” Pallone asked.