U.S. Senate passes bill to protect power grid and energy sector from cyberattacks

The U.S senate passed a bill to protect the power grid and energy sector from cyberattacks and prevent foreign hackers from being able to access the country’s power lifelines.

The new cybersecurity legislation will defend the U.S. energy grid by partnering with industry to utilize engineering concepts to remove vulnerabilities that could allow hackers to access the grid through holes in digital software systems and seeks to use manual methods to do that.

“This bill takes vital steps to improve our defenses, so the energy grid that powers our lives is not open to devastating attacks launched from across the globe. It’s bipartisan and it’s necessary,” Senators Angus King, who introduced the bill, said.

Specifically, the bill will examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators. By making some of the process ‘manual’ or ‘old time’, it makes it easier to control the people who have access to the technology and systems.

“This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber-attacks much more difficult,” a press release said.

By isolating the power grid by using manual procedures, the legislation ensures there are no technological loopholes for foreign attacks on power and energy related systems.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

According to the senator who introduced the bill, this legislation was inspired in part by Ukraine’s experience in 2015, when a sophisticated cyber-attack on that country’s power grid led to more than 225,000 people being left in the dark. The power grid attack could have been worse if not for the fact that Ukraine relies on manual technology to operate its grid.

A cyberattack on a country’s power grid could mean that millions of people could potentially be stranded at different locations, have no access to transportation, be unable contact their family or receive information about the situation. It is also a potentially life threatening situation for everyone involved.

The Senator’s bill seeks to build on this concept by studying ways to strategically use “retro” technology to isolate the grid’s most important control systems.

The new bill would also establish a two-year pilot program within the National Laboratories to study covered entities and identify new classes of security vulnerabilities, and research and test technology – like analog devices – that could be used to isolate the most critical systems of covered entities from cyber-attacks.

Using analog devices will bring down the threat of cyberattacks by ensuring that foreign hackers will not be able to access the systems.

The new bill would also require the Secretary of Energy to submit a report to Congress describing the results of the program, assessing the feasibility of the techniques considered, and outlining the results of the working groups’ evaluation.

The legislation will define “covered entities” as segments of the energy sector that have already been designated as entities where a cyber-security incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security. These could include power grids and other important energy systems.

While the bill was received favorably by many industry experts, some have expressed concern over its nature of being anti-modern technology and instead reverting to retro methods instead of finding viable solutions for present day issues.

Vidya Lakshmi

IndustrialCyber Editor & Features Vidya is a freelance journalist with over 10 years of experience in business journalism. She started her career reporting on U.S. equities markets and later moved to niche financial news. She developed an interest in ICS cybersecurity after researching some incidents and reading about it online.