Subcommittee on Energy and Power Discusses Legislation to Protect Electric Grid from Cyber Attacks

May 31, 2011

WASHINGTON, DC - The House Energy and Commerce Subcommittee on Energy and Power, chaired by Rep. Ed Whitfield (R-KY) held a hearing today to discuss draft legislation needed to ensure our nation's vital electric infrastructure is not vulnerable to cyber attacks and other threats.

Intelligence officials have revealed that nations including China and Russia have recently engaged in cyber espionage to probe our electric grid. These intrusions highlight vulnerabilities and high security risks. Cyber attacks remain a top threat to our national security, particularly threats to our power sources, water supply, telecommunications systems, and chemical facilities.

Current security and reliability standards for the electric grid are formed and implemented by the North American Electric Reliability Corporation (NERC). NERC's standards have advanced our grid security; however, the NERC process is ill-suited to respond to imminent cyber threats.

In order to bolster the security of the nation's grid, the committee is considering draft legislation, entitled the "Grid Reliability and Infrastructure Defense Act" or the "GRID Act." The draft proposal, identical to legislation introduced last Congress by Chairman Fred Upton (R-MI) and Rep. Ed Markey (D-MA), would amend the Federal Power Act to enhance the authority of the Federal Energy Regulatory Commission (FERC) to protect the nation's bulk-power system and infrastructure.

"The GRID Act gives FERC the authority to respond to an imminent attack. The risk of such an attack is real, and the implications for our national security and our economy will be far-reaching if we do not act now to adequately protect the grid," said Energy and Commerce Chairman Fred Upton (R-MI).  "Building on last year's progress, I am eager to continue working in a bipartisan manner to produce the best legislation we can to bolster the security of the grid."

"A secure grid is of utmost importance to our national security and our national economic interests.  The grid is vital to all aspects of American life. The daily lives of all Americans are powered by electricity provided by the electric grid, the disruption of which would cut off the supply of electric power to our homes, hospitals, schools, offices, farms and factories," said Whitfield. "The draft legislation provides FERC with authority to identify and remedy weaknesses that leave the grid vulnerable to cyber attacks."

Witnesses at today's hearing stressed the need for Congressional action to address cybersecurity threats and vulnerabilities. Witnesses included representatives from the U.S. Department of Energy, the U.S. Department of Defense, the Federal Energy Regulatory Commission (FERC), and the North American Electric Reliability Corporation (NERC). Members emphasized that the current draft legislation is a starting point for the discussion, and that additional steps may be taken to ensure the legislation includes the appropriate steps to coordinate with industry to ensure the safety and security of our bulk power supply.

Joseph McClelland, Director of the Office of the Electric Reliability at FERC testified that the Commission's current authority is not adequate to address cyber threats. "Widespread disruption of electric service can quickly undermine the U.S. government, its military, and the economy, as well as endanger the health and safety of millions of citizens. Given the national security dimension to this threat, there may be a need to act quickly to protect the grid, to act in a manner where action is mandatory rather than voluntary, and to protect certain information from public disclosure. The Commission's current legal authority is inadequate for such action," said McClelland. "The GRID Act in front of us today would go a long way to resolving this issue."