Legislation that aims to protect the U.S. energy grid from cyberattacks passed the House this week after being added to the 2020 National Defense Authorization Act (NDAA).
The 2020 NDAA passed the House by a vote of 377 to 48 and President Donald Trump is expected to sign it soon.
The annual military bill includes the Securing Energy Infrastructure Act, which establishes a two-year pilot program within Energy Department national laboratories with the goal of identifying vulnerabilities and isolating critical grid systems.
The Securing Energy Infrastructure Act was introduced by Sen. Angus King and Sen. Jim Risch, and a companion bill has been introduced in the House of Representatives by Rep. Dutch Ruppersberger and Rep. John Carter.
The bill proposes solutions such as the use of analog backup systems, which could prevent cyberattacks from causing too much damage.
“This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult,” according to a press release from Sen. Angus’ office.
The bill also requires the creation of a working group that would analyze the solutions proposed by national laboratories and develop a national strategy for protecting the energy grid.
“The energy grid powers our financial transactions, communications networks, healthcare services and most of our daily life– so if this critical infrastructure is compromised by a hacker, these building blocks of American life are at risk,” said Senator King. “Protecting our energy grid is commonsense, bipartisan, and vital to national security, and I’m happy this year’s NDAA will enshrine this needed provision into law.”
The cyber and physical security of North America’s energy grid was tested recently as part of a major exercise called GridEx V. More than 6,500 participants representing more than 425 government and energy sector organizations in the United States, Canada and Mexico took part in the two-day exercise.
Earlier this year, a power utility in the U.S. reported interruptions to electrical system operations as a result of a denial-of-service (DoS) attack that involved the exploitation of a known vulnerability in Cisco firewalls.
Related: House Passes Bill to Enhance Industrial Cybersecurity
Related: U.S. Energy Firm Fined $2.7 Million Over Data Security Incident
Related: U.S. to Help Secure Baltic Energy Grid Against Cyber Attacks
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
