Following some intimidating cyberattacks on infrastructure around the world, such as that which took down a significant portion of the Ukrainian electrical grid in 2015, US energy officials have been seeking ways to protect US infrastructure from such threats.
US officials are familiar with the damage a purpose-built infrastructure-destroying malware can cause: Stuxnet, the virus that destroyed a good portion of Iran's nuclear centrifuges in 2009, almost certainly came from the minds of US and Israeli intelligence. As for attacks on infrastructure in general, Ukraine's Ivano-Frankivsk Oblast experienced the first, according to Wired. But even that seems to have been a trial run, and future attacks could cause much greater damage.
The Ukraine attack worked by sending a false message to grid circuit breakers telling them there was a power surge, forcing them to open. However, the power remained out only for the period of time it took Ukrainian power officials to go out and manually close the breakers again, Wired noted. Few systems in the US have that feature.
Enter the Security Energy Infrastructure Act, introduced last year by Sens. Angus King (I-ME) and Jim Risch (R-ID). It passed the Senate's Energy and Natural Resources Committee in March, and the Senate voted it up on Wednesday, Bloomberg Environment reported.
The bill, which its sponsors have described as having a "retro" approach, seeks to set aside $10 million to establish two pilot programs to test analog, non-digital and physical backups for the US power grid to mitigate the effects of a future cyberattack on the US power infrastructure. It would also establish a federal working group composed of representatives from the Energy, Homeland Security and Defense Departments, the Office of the Director of National Intelligence and the North American Electric Reliability Corporation to assess recommendations made by the pilot programs.
"For years we've seen the danger of cyberattacks grow as bad actors pursue larger and more sophisticated incursions on our vital systems, but the federal government's response has not matched the severity of these threats," King said in a statement after the Senate vote. "This commonsense, bipartisan bill is an important step in the right direction and will help protect America's critical infrastructure from devastating attacks before they happen."
Chris Cummiskey, senior fellow at the George Washington University Center for Cyber and Homeland Security and former Homeland Security undersecretary and chief acquisition officer, told Nextgov that the bill had an "interesting approach that people haven't really thought of this much."
"From a decision-maker's standpoint, when I was at Homeland Security, we would talk to the vendors all the time. We'd say, ‘We don't care what you have to do to get this thing back up and running, just do it,'" he said. "It's one of these things where, if you think that using older technologies — analog — in order to spin this thing back up is going to be more effective in the short run, then get it done, and we'll go back to the more advanced, digital approaches after you've resolved your issues."
The Hill noted in May that the bill also seeks to protect US pipelines, including aging liquefied natural gas facilities. A companion bill was introduced in the US House of Representatives, but it has yet to make it out of committee.