Cybersecurity Focus Shifts To Energy Infrastructure

Husch Blackwell LLP

The Biden Administration has committed to making cybersecurity a top priority and is now turning its focus towards energy infrastructure, which is widely recognized as vulnerable to cyberattack due to grid control systems. The U.S. Department of Energy (DOE) has launched a 100-day initiative to “advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities.”

Since the initiative was announced on April 20, 2021, Colonial Pipeline reportedly became the victim of a ransomware attack that forced a precautionary shutdown of the pipeline. Colonial Pipeline supplies almost fifty percent of the East Coast’s gasoline, diesel and jet fuel. The attack was one of the most successful cyberattacks on oil infrastructure in the U.S. to date and highlights the vulnerability of critical U.S. infrastructure.

DOE’s initiative outlines four primary areas of focus: (1) encouraging the implementation of measures that increase “detection, mitigation, and forensic capabilities; (2) setting “concrete milestones” designed to “enable near real time situational awareness and response capabilities”; (3) supporting and increasing the “cybersecurity posture of critical infrastructure information technology (IT) networks”; and (4) establishing a voluntary program “to deploy technologies to increase visibility of threats in ICS and OT systems.”

In addition to the 100-day initiative, the DOE also recently issued a Request for Information (RFI) seeking input on supply chain security in U.S. energy systems. This follows Trump’s Executive Order 13920, which concentrated on securing the United States bulk-power system supply chain and is set to expire on May 1, 2021. The RFI is intended for DOE to “evaluate new executive actions to further secure the nation’s critical infrastructure” and “strengthen the domestic manufacturing base.” The RFI also represents a key opportunity for stakeholders to address concerns and implementation problems that arose under EO 13920. Responses to the RFI are due by 5:00 pm on Monday, June 7, 2021.

Beyond the foregoing Executive Branch actions, Congress has also demonstrated a renewed interest in addressing these issues. Three bills focused on improving the electric grid’s resilience to cyberattack (H.R. 360, H.R. 359, and H.R. 362) were introduced in the last congress but none of them became law. In the last month, new versions of all three of these bills have been introduced. On April 30th, Bob Latta (R-OH) and Jerry McNerney (D-CA) introduced two bills, the “Cyber Sense Act and the Enhancing Grid Security through Public-Private Partnerships Act” and the “Enhancing Grid Security through Public Private Partnerships Act.” Then on May 11th Bobby Rush (D-IL) and Tim Walberg (R-MI) introduced the “Energy Emergency Leadership Act” to consolidate responsibility for energy emergencies and cybersecurity in the DOE. Although the last Congress’s legislative efforts were unsuccessful, the increased focus on cybersecurity coupled the notoriety of the Colonial Pipeline attack may lead to a different result this time around.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Husch Blackwell LLP | Attorney Advertising

Written by:

Husch Blackwell LLP

Husch Blackwell LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.