Security and Resilience (Cyber and Physical)

Association urges Ryan to bring security bills to House floor

The American Public Power Association, the National Rural Electric Cooperative Association and Edison Electric Institute on Sept. 26 sent a letter to House Speaker Paul Ryan, R-Wis., urging him to bring to the House floor key energy grid security bills passed earlier this year by the House Energy and Commerce Committee.

“The threat to the grid from cyber and physical attacks is real and growing,” the trade groups noted in their letter to Ryan. “Protecting and maintaining electric sector security and reliability is a top priority for our associations and our members,” the Association, NRECA and EEI said.

“To keep up with evolving threats, the industry welcomes close coordination with government partners,” the letter went on to note.

In the FAST Act, Congress recognized the role the Department of Energy plays in grid security by designating DOE as the Sector Specific Agency for physical and cybersecurity for the energy sector and provided DOE with the authority to address imminent grid security incidents, the groups said.  Additionally, the Cybersecurity Information Sharing Act “has been helpful in facilitating sharing between industry and government. Congress has been a constructive partner to enhance grid security,” they told Ryan.

The Association, EEI and NRECA noted that the House Energy and Commerce Committee passed several bills this year aimed at strengthening our shared responsibility to protect some of the nation’s most critical infrastructure.

The groups are particularly supportive of H.R. 5174, the Energy Emergency Leadership Act, and H.R. 5240, the Enhancing Grid Security through Public-Private Partnerships Act.

H.R. 5174 would amend the DOE Organization Act to include energy emergency and energy security among the functions that the Secretary shall assign to an Assistant Secretary, with the intent to clarify and codify the functions of DOE’s new Office of Cybersecurity, Energy Security, and Emergency Response.

H.R. 5240 directs DOE to establish a program to facilitate and encourage public-private partnerships to promote and advance the physical and cybersecurity of the electric power sector.    

“Each would be a welcome addition to electric sector security practices,” the trade groups wrote in their letter. “Our industry has a defense-in-depth approach to grid security that starts with mandatory and enforceable cyber and physical security standards. To that, our companies add information sharing, planning, preparation, response, and recovery activities, as well as drills and exercises to regularly test our postures and capabilities,” they went on to note. “And as it is a shared responsibility, we partner with government at all levels and with other critical infrastructure sectors across many of these efforts.”  

In addition to passing these bills, there is more that Congress can do, the Association, EEI and NRECA said.

Specifically, they mentioned modernizing the SAFETY Act to meet the new threat of cyber-attacks, allowing electric companies access to federal databases to counter insider threats and increasing security clearances to key electric company staff, while at the same time rapidly declassifying and making available actionable information about grid security. 

Along with Ryan, the letter was sent to House Democratic Leader Nancy Pelosi, D-Calif., Rep. Greg Walden, R-Ore., Chairman of the House Energy and Commerce Committee, Rep. Frank Pallone, D-N.J., Ranking Member of the Energy and Commerce Committee, Rep. Fred Upton, R-Mich., Chairman of the House Energy Subcommittee and Rep. Bobby Rush, D-Ill., Ranking Member on the House Energy Subcommittee.