The proposed legislation did not get much play last week – there were a few other things going on – but, nonetheless, a bipartisan U.S. Senator duo are pushing efforts to bolster power grid cybersecurity, Kallanish Energy reports.

Republican Sen. Lisa Murkowski from Alaska, and Democrat Sen. Joe Manchin from West Virginia are leading the charge (no pun intended) for “The Protecting Resources on the Electric Grid with Cybersecurity Technology Act (Senate Bill 2556), aka the “Protect Act.”

Amends Power Act

S.B. 2556 amends the 100-year-old Federal Power Act to provide energy cybersecurity investment incentives, to establish a grant and technical assistance program for cybersecurity investments, and for “other purposes.”

FERC, the Federal Energy Regulatory Commission, as per the bill’s direction would offer incentives to electric utilities to boost their cybersecurity technology.

“The PROTECT Act amends the Federal Power Act to provide energy cybersecurity investment incentives, and to establish a grant and technical assistance program for cybersecurity investments,” the amendment states.

FERC heavily involved

The bill directs FERC to issue a rulemaking on rate incentives for advanced cybersecurity technology. It also establishes a U.S. Department of Energy grant program for utilities that aren’t regulated by FERC, such as cooperatives and municipal utilities, to deploy advanced cybersecurity technology.

The U.S. power grid’s vulnerability to cyberattacks has been scrutinized in recent years, according to attorneys Sue C. Friedberg and Edward G. Hild, with the law firm Buchanan Ingersoll & Rooney.

An October 2019, report from Siemens and the Ponemon Institute found 56% of survey respondents reported at least one shutdown or operational data loss per year due to cyberattacks, and 25% had been impacted by so-called mega-attacks.

Stricter standards introduced in 2019

In 2019, FERC introduced stricter standards on electric grid cybersecurity, expanding the scope of attacks utilities need to report to grid reliability regulators and the U.S. Department of Homeland Security, according to Friedberg and Hild.

“The vulnerability of critical infrastructure to cyberattacks has potential to cause severe financial, environmental and infrastructure damage, as 64% of Siemens-Ponemon Institute survey respondents said sophisticated attacks are a top challenge, and 54% expect an attack on critical infrastructure in the next year

Murkowski, chairperson of the U.S. Senate Committee on Energy and Natural Resources and Manchin, the committee’s ranking minority member, hope S.B. 2556 will stimulate the investment in technology, human resources and training needed to address ever-evolving cyberthreats.

Threats ‘real and growing’

“We know the threat of cyberattacks by our foreign adversaries and other sophisticated entities is real and growing,” Murkowski said when the big was introduced last September. “Our bill takes steps to ensure utilities across our country are able to continue investing in advanced, cutting-edge cybersecurity technologies while also strengthening the partnership between private industry and the federal government.”

The Murkowski-led Senate Committee on Energy and Natural Resources inserted an amendment into the original legislation language on Jan. 7.

Among the language added:
•    Not later than 180 days after the date of enactment, FERC, in consultation with the Secretary of Energy, the North American Electric Reliability Corporation, the Electricity Subsector Coordinating Council, and the National Association of Regulatory Utility Commissioners, will conduct a study to identify incentive-based, including performance-based, rate treatments for the transmission and sale of electric energy subject to the jurisdiction of FERC that could be used to encourage investment by public utilities in advanced cybersecurity technology; and participation by public utilities in cybersecurity  threat information sharing programs.
•    Not later than one year after the completion of the study, FERC will establish incentive-based, including performance-based, rate treatments for the transmission of electric energy in interstate commerce, and the sale of electric energy at wholesale in interstate commerce by public utilities for the purpose of benefitting consumers.
“It’s no secret that cybersecurity threats are ever evolving and our electric grid remains a top target,” Manchin said when the bill was introduced. “The PROTECT Act would create additional incentives for utilities to enhance their cybersecurity efforts and increase their resilience to attacks. It’s past time we take common sense steps like this one to bolster grid cybersecurity and I’m proud to cosponsor the PROTECT Act.”

This post appeared first on Kallanish Energy News.