WASHINGTON — Colorado U.S. Senators Cory Gardner and Michael Bennet this week introduced two bills in Congress to protect the country’s energy infrastructure from cyberattacks as evidence mounts of a growing threat.
Among their provisions: The legislation would provide $90 million a year to states to develop energy security plans. In addition, the U.S. Energy Department would be required to identify any vulnerabilities to cyberattacks in the nation’s electrical power grid.
Gardner, a Republican, discussed his proposals during a Senate Energy and Natural Resources Committee hearing Thursday. He mentioned a recent Energy Department report that acknowledged “several gaps” in power grid security.
He said his proposed legislation would help “ensure the state has a reliable, secure and resilient energy infrastructure.”
Although cyberattacks against electrical systems are a primary focus of the bills, they also seek to protect energy sources that include petroleum, coal and natural gas.
The bills from the Colorado senators were introduced only weeks after a Homeland Security Department test on Plum Island in New York showed cyberattackers could shut down a power grid.
One set of researchers used cyberattacks to disrupt the island’s grid while a second group of experts used new Defense Advanced Research Projects Agency tools to restart it and protect it. Plum Island is used as a federal animal research facility.
Defense Department officials said the test was much more than an academic exercise.
In 2015 and 2016, Russian cyberattackers caused large power outages in the Ukraine as tensions between the countries rose. More recently, persistent probing of the U.S. electrical grid for weaknesses has been traced back to Russian computer experts.
One of the bills introduced this week is called the Enhancing State Energy Security Planning and Emergency Preparedness Act. The bill describes requirements for “State Security Plans.”
The Energy Department would provide them with technical assistance to develop their plans. States would need to participate in joint exercises with industry and federal stakeholders.
A second bill seeks the same goal of protecting energy systems but would benefit mostly rural areas and small towns. It is called the Enhancing Grid Security through Public-Private Partnerships Act.
It would authorize the Energy Department to provide physical and cybersecurity assistance to electric utilities that have few resources to protect themselves. In general, they would be small utilities in rural areas or isolated from the biggest power grids.
The technical assistance would include threat assessments, training and sharing best practices.
“We have our work cut out for us to protect the electric grid across rural and urban America, and these bills are a good starting point,” Bennet, a Democrat, said.
The bills introduced this week continue efforts by the Colorado senators to improve cybersecurity for energy systems.
In June, they co-sponsored an amendment in the energy and water spending bill to help veterans prepare for careers in cybersecurity and clean energy. Congress approved the bill, which has been signed into law.
The Colorado senators also contributed provisions to the 2018 Senate Farm Bill that would make cybersecurity and grid improvement projects eligible for U.S. Agriculture Department Rural Utility Service loans.
The new proposed legislation is winning support from some industry groups and government agencies.
“These bills are necessary to allow for a strong electric utility infrastructure, while building a desperately needed partnership between government and industry,” Jim Orahood, vice president of Ampex Data Systems Corp., said in a statement.
Ampex is an electronics company with products that include digital data storage and aviation equipment. One of its facilities operates in Colorado Springs.
Vance Brown, chief executive of the National Cybersecurity Center, said in a statement, “Considering the facts that the U.S. electrical grid is vulnerable and has already been attacked, and it is owned and operated by multiple entities, it therefore makes sense that coordinated efforts be established to safeguard our way of life.”
The National Cybersecurity Center has an office in Colorado Springs.