- The U.S. House of Representatives voted 398-21 last week to reauthorize a program to assist states in securing energy infrastructure against cyber and physical threats. A similar measure has not yet been introduced in the Senate.
- H.R. 1374, the Enhancing State Energy Security Planning and Emergency Preparedness Act of 2021, would reauthorize and fund the U.S. Department of Energy's State Energy Program from 2022 to 2026 at $90 million annually, for a total of $450 million.
- The bill positions the private sector to receive financial incentives for helping improve states' energy cybersecurity, which experts say will be a key to securing systems from hackers. "We really need the federal government to step up with incentives and cost relief for this to happen," Tempered Networks Senior Director of Marketing Gary Kinghorn said in an email.
In addition to its support from security vendors, HR 1374 is backed by the National Association of State Energy Officials (NASEO), which worked to develop the bill in the previous legislative session.
In a statement, NASEO said it "continues to work with Senate leaders to advance state energy emergency, resilience, clean energy, infrastructure, workforce, and equity priorities."
The bill says it aims to "secure the energy infrastructure of the State against all physical and cybersecurity threats" and "mitigate the risk of energy supply disruptions to the State and enhance the response to, and recovery from, energy disruptions."
States can use the federal financial assistance for the implementation, review, and revision of an energy security plan.
The legislation says those plans must address all fuels, including petroleum products, coal, electricity, natural gas, other liquid fuels, and regulated and unregulated energy providers. Plans must also provide a risk assessment of energy infrastructure and cross-sector interdependencies.
State plans must also provide a risk mitigation approach to enhance reliability and end-use resilience, the bill says, and they must address coordination with other states, American Indian tribes and regional bodies to "encourage mutual assistance in cyber and physical response plans."
"The fact that the bill passed the House by a 398-21 vote shows the bipartisan support that should allow it to easily pass the Senate," Kinghorn said. "It is nearly unanimously recognized that our critical infrastructure is woefully inadequate against emerging cyber threats."
The bill "provides opportunities for the private sector to receive financial incentives to improve their cybersecurity strategy," Mark Carrigan, senior vice president of sales at Hexagon, said in an email. In ultimately implementing the legislation, the lawmakers should prioritize "those entities without the means to protect their assets," he added.
"Much of the electrical generation and water treatment facilities are operated by smaller, [nonprofit] entities with limited budgets," he said.
Carrigan also said Congress should "consider a more national approach" to cybersecurity, rather than encouraging the state-by-state approach.
"Much of our critical infrastructure, including power transmission and fuel transportation, spans many state lines. Limiting the financial incentives to the state level will complicate the creation of a holistic strategy," he said.
Lawmakers say recent cyberattacks, including the shutdown of Colonial Pipeline in May, have helped underscore the urgency of the need to modernize defenses.
"This bill will help states address vulnerabilities in their energy infrastructure and modernize it to meet the challenges of the 21st century. We are hopeful the Senate will soon act on this legislation so that it can be signed into law,” Energy and Commerce Committee Chairman Frank Pallone Jr., D-N.J., and and Energy Subcommittee Chairman Bobby Rush, D-Ill., said in a statement.