Recently proposed federal legislation seeks to prevent and mitigate the impacts of cybersecurity attacks on the critical components of the Nation’s electrical infrastructure. In particular, the “SHIELD Act” aims to secure the bulk-power system and electrical infrastructure critical to the defense of the United States against the threat of a malicious electromagnetic pulse (EMP) or natural geomagnetic disturbance (GMD) that could cause widespread and long-lasting disruption, damage or destruction of electrical equipment. Other legislation proposes greater coordination among federal agencies in identifying and protecting against cyber threats, while seeking to safeguard privacy and civil liberties. These proposals are among other recent initiatives by the federal government to address the vulnerabilities of the power grid to cyber threats.

SHIELD Act

Introduced on February 11, 2011 by Congressman Trent Franks (R-Arizona), the Secure High-voltage Infrastructure for Electricity from Lethal Damage Act (H.R. 668) (SHIELD Act) focuses on the threat posed by malicious EMPs (such as nuclear arms attacks) and natural GMDs (such as solar flares) to the physical reliability of the Nation’s electrical infrastructure. Similar to last year’s proposed Grid Reliability and Infrastructure Defense Act (GRID Act), the SHIELD Act would (among other things):

-Authorize the Federal Energy Regulatory Commission (FERC), upon identification of an imminent grid security threat arising from malicious EMPs or natural GMDs, to issue orders to the North American Electric Reliability Corporation (NERC), the Regional Entities charged with enforcing the mandatory NERC Reliability Standards, and users, owners and operators of the bulk-power system to take emergency measures to protect the reliability of the bulk-power system and/or defense critical electric infrastructure;

-Authorize FERC to provide for cost recovery of “substantial costs” incurred in compliance with such emergency orders;

-Authorize FERC to issue rules or orders to protect against grid security vulnerabilities to malicious EMPs where FERC determines that the NERC Reliability Standards do not provide for sufficient protection; FERC’s rules or orders would be rescinded upon approval of a sufficient NERC Reliability Standard;

-Require NERC to propose, within one year, Reliability Standards addressing “reasonably foreseeable” EMPs and GMDs, based upon FERC’s specification of the “nature and magnitude” of such threats; such Reliability Standards would be required to balance the attendant risks and mitigation costs;

-Require NERC to propose, within two years, Reliability Standards addressing the availability of “large transformers” capable of restoring reliable operations after an EMP or GMD event; such Reliability Standards would be required to balance risks and costs and would require entities that own or operate large transformers to ensure adequate availability of large transformers in the event they are destroyed or disabled by an EMP or GMD occurrence; and

-Require the President to identify up to 100 critical defense facilities that would be subject to FERC rules and orders prescribing measures to take to protect against malicious EMPs, subject to the owners of the facilities agreeing to incur the costs necessary to comply with the FERC rules and orders.