As cybercriminals continue to set their sights on public utilities, a bipartisan effort led by Sens. Lisa Murkowski (R-AK) and Joe Manchin (D-WV) is aiming to turn up the dial on U.S. electric grid cybersecurity.

Recently passed by the Senate Energy Committee, The Protecting Resources On The Electric Grid with Cybersecurity Technology (S. 2556), referred to as the PROTECT Act, will direct the Federal Energy Regulatory Commission (FERC) to give incentives to electric utilities to encourage them to boost their cybersecurity technology. For those utilities not regulated by FERC, the bill will establish a grant and technical assistance program for advanced cybersecurity technology at the Department of Energy (DOE).

Intensifying cybersecurity threats

In recent years, the vulnerability of the U.S. electric grid has come under scrutiny as foreign operatives have increased their efforts to attack U.S. public utilities and compromise the country's electric supply. A new report from Siemens and the Ponemon Institute found the rate of cyberattacks on the utility industry may be worsening. Fifty-six percent of those surveyed reported at least one shutdown or operational data loss per year, and 25% were impacted by a so-called "mega attack."

Regulators are already on high alert, as earlier last year, FERC had introduced stricter standards on electric grid cybersecurity, expanding the scope of attacks utilities need to report to grid reliability regulators and the U.S. Department of Homeland Security. Murkowski, the chairman of the Committee on Energy and Natural Resources and Manchin, the committee's ranking member, hopes this bill will stimulate the considerable investment in technology, human resources and training needed to address this ever-evolving threat.

In a release from the U.S. Senate Committee on Energy & Natural Resources, Murkowski said, "We know the threat of cyberattacks by our foreign adversaries and other sophisticated entities is real and growing. Our bill takes steps to ensure utilities across our country are able to continue investing in advanced, cutting-edge cybersecurity technologies while also strengthening the partnership between private industry and the federal government."

Utilities need to boost cybersecurity now

Unfortunately, the general public has become all too aware of what a cybersecurity breach can do to a company and its customers. And just recently, more than a dozen smaller U.S. utilities were targeted when hackers used "phishing" emails to try to embed malware to take control of the utilities' computers.

So now more than ever, hardening cybersecurity defenses is an absolutely critical step utilities must take to protect themselves and the grid from being compromised by malicious actors.

The federal government has the right idea in stepping up now to work with electric utilities companies. It will require mobilizing the combined resources of the electric utility companies and the Federal government to develop the technically advanced defenses essential to protecting the U.S. energy grid against the nation-states and other threat actors that either have, or are building, sophisticated cybersecurity weapons capable of exploiting cyber vulnerabilities in our existing infrastructure.  If passed in the full Senate, this bipartisan effort will be an important step to ensuring the lights always stay on for the country's homes and businesses.

In addition, the National Association of Regulatory Utility Commissioners has stepped up by issuing guidance for regulated utilities in this area through informational sessions and through its Critical Infrastructure Committee, which provides State regulators a forum to analyze and collaborate on solutions to utility infrastructure security and delivery concerns.

Learn more about this issue and how Buchanan Ingersoll & Rooney can help protect your company against cybersecurity and data privacy threats.

This article, originally published October 18, 2019, was revised and updated January 1, 2020.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.