|WASHINGTON – Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., introduced legislation Thursday to increase the authority of the Department of Homeland Security (DHS) and the Federal Energy Regulatory Commission (FERC) to secure the electric grid.
Two years ago, DHS helped to discover serious cyber vulnerabilities in the control systems that help support the electric grid. As FERC and DHS worked with the private sector to mitigate this vulnerability, it became apparent that the federal government did not have adequate authority to protect the nation’s electricity supply from tampering or attack.
“Our cyber systems are under constant attack,” Lieberman said. “We rely on cyberspace for so much of what is at the heart of our way of life. And our systems are not protected. We are focusing on the electricity cyber structure today because electricity is what so many critical sectors of the economy depend upon.”
The Critical Electric Infrastructure Protection Act will help reduce the susceptibility of the electric grid to cyber attack by giving the Federal Energy Regulatory Commission (FERC) additional authority to develop a fix to vulnerabilities detected and reported by DHS. It would also:
• direct DHS to report to FERC and Congress on cyber vulnerabilities and threats to critical electric infrastructure and provide recommendations to address the vulnerabilities and threats;
• direct FERC, after notification from DHS, to issue, in consultation with DHS, rules or orders to protect critical electric infrastructure from a vulnerability or threat, and, if the threat is imminent, to issue an emergency rule or order without prior notice or hearing;
• direct that emergency rules or orders issued by FERC shall remain effective for up to 90 days, unless the rule or order is opened to comment, and FERC subsequently affirms, amends, or repeals the rule or order;
• authorize that sensitive information submitted to FERC by the private sector be treated as Protected Critical Infrastructure Information (as defined in the Homeland Security Act);
• direct DHS to conduct an investigation to determine if the security of federally-owned critical electric infrastructure has been compromised. The investigation will focus on: extent of compromise; identification of attackers; method of penetration; ramifications of compromise; and recommended mitigation activities; and
• direct FERC, in consultation with DHS, to establish interim measures to address current known vulnerabilities, such as the Aurora vulnerability, within 120 of passage of the Act.