Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Bill to Protect U.S. Energy Grid From Cyberattacks Passes With NDAA

Legislation that aims to protect the U.S. energy grid from cyberattacks passed the House this week after being added to the 2020 National Defense Authorization Act (NDAA).

The 2020 NDAA passed the House by a vote of 377 to 48 and President Donald Trump is expected to sign it soon.

Legislation that aims to protect the U.S. energy grid from cyberattacks passed the House this week after being added to the 2020 National Defense Authorization Act (NDAA).

The 2020 NDAA passed the House by a vote of 377 to 48 and President Donald Trump is expected to sign it soon.

The annual military bill includes the Securing Energy Infrastructure Act, which establishes a two-year pilot program within Energy Department national laboratories with the goal of identifying vulnerabilities and isolating critical grid systems.

The Securing Energy Infrastructure Act was introduced by Sen. Angus King and Sen. Jim Risch, and a companion bill has been introduced in the House of Representatives by Rep. Dutch Ruppersberger and Rep. John Carter.

The bill proposes solutions such as the use of analog backup systems, which could prevent cyberattacks from causing too much damage.

“This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult,” according to a press release from Sen. Angus’ office.

The bill also requires the creation of a working group that would analyze the solutions proposed by national laboratories and develop a national strategy for protecting the energy grid.

“The energy grid powers our financial transactions, communications networks, healthcare services and most of our daily life– so if this critical infrastructure is compromised by a hacker, these building blocks of American life are at risk,” said Senator King. “Protecting our energy grid is commonsense, bipartisan, and vital to national security, and I’m happy this year’s NDAA will enshrine this needed provision into law.”

Advertisement. Scroll to continue reading.

The cyber and physical security of North America’s energy grid was tested recently as part of a major exercise called GridEx V. More than 6,500 participants representing more than 425 government and energy sector organizations in the United States, Canada and Mexico took part in the two-day exercise.

Earlier this year, a power utility in the U.S. reported interruptions to electrical system operations as a result of a denial-of-service (DoS) attack that involved the exploitation of a known vulnerability in Cisco firewalls.

Related: House Passes Bill to Enhance Industrial Cybersecurity

Related: U.S. Energy Firm Fined $2.7 Million Over Data Security Incident

Related: U.S. to Help Secure Baltic Energy Grid Against Cyber Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem