Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Bill to Protect U.S. Energy Grid From Cyberattacks Passes With NDAA

Legislation that aims to protect the U.S. energy grid from cyberattacks passed the House this week after being added to the 2020 National Defense Authorization Act (NDAA).

The 2020 NDAA passed the House by a vote of 377 to 48 and President Donald Trump is expected to sign it soon.

Legislation that aims to protect the U.S. energy grid from cyberattacks passed the House this week after being added to the 2020 National Defense Authorization Act (NDAA).

The 2020 NDAA passed the House by a vote of 377 to 48 and President Donald Trump is expected to sign it soon.

The annual military bill includes the Securing Energy Infrastructure Act, which establishes a two-year pilot program within Energy Department national laboratories with the goal of identifying vulnerabilities and isolating critical grid systems.

The Securing Energy Infrastructure Act was introduced by Sen. Angus King and Sen. Jim Risch, and a companion bill has been introduced in the House of Representatives by Rep. Dutch Ruppersberger and Rep. John Carter.

The bill proposes solutions such as the use of analog backup systems, which could prevent cyberattacks from causing too much damage.

“This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult,” according to a press release from Sen. Angus’ office.

Advertisement. Scroll to continue reading.

The bill also requires the creation of a working group that would analyze the solutions proposed by national laboratories and develop a national strategy for protecting the energy grid.

“The energy grid powers our financial transactions, communications networks, healthcare services and most of our daily life– so if this critical infrastructure is compromised by a hacker, these building blocks of American life are at risk,” said Senator King. “Protecting our energy grid is commonsense, bipartisan, and vital to national security, and I’m happy this year’s NDAA will enshrine this needed provision into law.”

The cyber and physical security of North America’s energy grid was tested recently as part of a major exercise called GridEx V. More than 6,500 participants representing more than 425 government and energy sector organizations in the United States, Canada and Mexico took part in the two-day exercise.

Earlier this year, a power utility in the U.S. reported interruptions to electrical system operations as a result of a denial-of-service (DoS) attack that involved the exploitation of a known vulnerability in Cisco firewalls.

Related: House Passes Bill to Enhance Industrial Cybersecurity

Related: U.S. Energy Firm Fined $2.7 Million Over Data Security Incident

Related: U.S. to Help Secure Baltic Energy Grid Against Cyber Attacks

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.