WASHINGTON, D.C. – Today, U.S. Senator Jacky Rosen (D-NV), a member of the Senate Committee on Commerce, Science, and Transportation and the Senate Committee on Homeland Security & Governmental Affairs (HSGAC), along with Senator John Hoeven (R-ND), announced their reintroduction of the Cyber Sense Act with Senators Angus King (ME-I), James Risch (R-ID), and Thom Tillis (R-NC). This bipartisan legislation would create a voluntary Cyber Sense program at the Department of Energy to test the cybersecurity of products and technologies intended for use in the bulk-power system. Identical companion legislation was introduced in the U.S. House of Representatives earlier this year by Representatives Bob Latta (R-OH) and Jerry McNerney (D-CA) and passed the House Energy and Commerce Committee this month.
“As our world becomes more digitized, the need for a strong defense of our nation’s electric infrastructure has never been more clear. And with the recent pandemic forcing us to rely more heavily on technology, it’s no surprise that we are seeing a surge in cyberattacks,” said Senator Rosen. “If we don’t act to address and mitigate cybersecurity risks, our nation will remain vulnerable. I’m proud to introduce this bipartisan bill to provide much-needed training and technical assistance to electric utilities to address cybersecurity risks and strengthen our national security. I will continue to support legislation that equips our workforce and organizations with the skills needed to improve our nation’s grid resiliency.”
“By utilizing technology to identify and minimize cybersecurity risks, we’re protecting our nation’s critical infrastructure that powers our homes and our economy,” said Senator Hoeven. “Events of the past year have revealed increasing vulnerabilities within our energy infrastructure, and our bipartisan legislation supports efforts to secure our nation’s electric grid.”
“In the 21st century, the electric grid powers every aspect of our lives – from our homes and workplaces to hospitals and grocery stores. Our wired society creates many benefits, but this increased connectivity brings increased vulnerability and requires modern vigilance,” said Senator King, co-chair of the Cyberspace Solarium Commission. “This is why we have to take steps to secure our networks – such as testing the strength of our own systems to ensure they can withstand cyberattacks. Network security relies on the strength of each individual component, which is why I’m joining my colleagues to introduce a bipartisan bill to create a specific program to better secure new technological products before we integrate them into our grid. We see real-life examples consistently of the costs associated with debilitating cyberattacks, and it’s critical that we take steps to secure our grid now.”
“The Colonial Pipeline and JBS cyberattacks demonstrated just how catastrophic data breaches can be and underscored the importance of securing our critical energy infrastructure,” said Senator Risch. “We need a comprehensive cybersecurity strategy that protects U.S. assets while proactively identifying security vulnerabilities. The Department of Energy’s national laboratories, including the Idaho National Lab, are uniquely positioned to help secure the products that operate the nation’s electric grid. This legislation is a step in the right direction.”
“Over the last few months, we have seen the severity cybercrime attacks can have on our nation’s infrastructure, and it is past time for Congress to ensure our electrical grid can withstand possible attacks in the future,” said Senator Tillis. “This bipartisan legislation will allow the Department of Energy to test cybersecurity products and provide voluntary technical training to our power providers to ensure they are protected.”
“Protecting our industry’s supply chain is a top priority for all EEI member electric companies, and addressing dynamic threats requires constant vigilance and coordination that leverage both government and industry resources,” said Tom Kuhn, President of the Edison Electric Institute. “That is why electric companies work with government partners to share actionable intelligence, deploy state-of-the-art tools, and prepare to respond to incidents that could affect our systems. The Cyber Sense Act would enhance our industry-government partnership by creating a voluntary Department of Energy program to identify and promote cyber-secure products for use in the bulk-power system. The bill also establishes an important testing and reporting process for products determined to have cyber vulnerabilities. EEI applauds Senators Jacky Rosen and John Hoeven and Representatives Bob Latta and Jerry McNerney for their continued leadership on this issue, which is important to America’s economy and national security.”
BACKGROUND: Specifically, the bipartisan Cyber Sense Act would:
- Create a voluntary Department of Energy ‘Cyber Sense’ program that would identify and promote cyber-secure products for use in the bulk-power system.
- Establish a testing process for the products along with a reporting process of cybersecurity vulnerabilities.
- Require the Secretary of Energy to keep a related database on the products, which will aid electric utilities that are evaluating products and their potential to cause harm to the electric grid.
- Direct the Secretary of Energy to consider incentives to encourage the use of analysis and results of testing under the program in the design of products and technologies for use in the bulk-power system.