Senate Energy Natural Resources Committee Examines Cyberattack Readiness of the US Bulk-Power System

Aug 18, 2020

Reading Time : 3 min

Committee Chair, Sen. Lisa Murkowski (R-AK), opened the hearing by noting the importance of cybersecurity and observing that cyberattacks on the power grid are “near-constant and only growing more sophisticated.” Nor are such attacks confined to the power grid; the Senator mentioned recent attacks on both the DOE’s Hanford Site and on a facility working on a COVID-19 vaccine. Ranking Member Sen. Joe Manchin (D-WV) observed in his opening remarks that the issue is particularly pressing, as the prevalence of remote work due to COVID-19 has increased the opportunities for cyberattacks in both the power industry and elsewhere.

Questions from the Committee to the witnesses reflected the multifaceted nature of cybersecurity and the wide range of interests involved, addressing, among other things, the need for penetration and “red-team” exercises to test cyber preparedness, the resiliency of utility communications infrastructure, the need to protect natural gas infrastructure as well as the electric grid, the benefits and drawbacks of distributed generation from a cybersecurity perspective, and the simultaneous need for both increased transparency and increased security when dealing with critical infrastructure. Sen. Murkowski also expressed particular concern for the “soft underbelly” of the grid, namely the smaller utilities, such as municipals and cooperatives, which may not have the resources to devote to cybersecurity.

The Committee also asked the witnesses about the implementation of Executive Order 13920. Mr. Gates noted that the DOE has been actively engaging with the industry, and has held more than 90 calls with asset owners and manufacturers. Mr. Gates touted CESER’s Cybersecurity Testing for Resilient Industrial Control Systems (CyTRICS) program as a key part of the implementation of the Executive Order. CyTRICS will be used to test components in electric grid control systems to identify supply chain and systemic risks. Mr. Gates also outlined the four “pillars” of the DOE’s implementation of the Executive Order:

  • Prohibiting particular foreign adversaries from supplying particular BPS electric equipment.
  • Establishing a list of pre-qualified vendors of BPS electric equipment.
  • Developing advisory recommendations for the identification, isolation, monitoring and replacement of at-risk equipment currently on the BPS.
  • Presiding over the new Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security.

Speaking for PJM, Mr. O’Brien noted that the biggest cybersecurity risk to the nation’s largest grid operator is its members. Although PJM itself has devoted considerable resources to cybersecurity, it cannot ensure the integrity of the data it receives from its membership, nor protect the communications infrastructure that provides that data. He observed that the North American Electric Reliability Corporation (NERC) Cybersecurity Supply Chain Risk Management standard, which PJM supports, is set to take effect in PJM and all other North American Independent System Operators and Regional Transmission Organizations (ISOs/RTOs) on October 1, 2020. He emphasized, however, the need for supply chain standards and practices to evolve constantly. With regard to the Executive Order, he urged caution, noting that although ISOs/RTOs own few electric assets, the Executive Order could have significant impacts on operations, markets and planning. PJM therefore agrees that a “surgical approach must be utilized.”

Mr. Conner of Siemens Energy responded to questions from Sen. Bill Cassidy (R-LA) about his company’s supply chain protection measures. Sen. Cassidy was particularly concerned with counterfeit goods and/or the possibility of tiny microchips being inserted in goods originating in or even passing through China. Mr. Conner responded that Siemens Energy’s U.S. operations use a preapproved vendor list and rigorous testing to counter such threats. Mr. Conner’s written testimony detailed the company’s supply chain security measures.

Mr. McClelland discussed FERC’s two-pronged approach to cybersecurity, with one side being NERC’s Critical Infrastructure Protection standards and the other being the creation of OEIS. Mr. McClelland also discussed the issue of critical infrastructure information with the Committee at some length. There appears to be momentum building to support more restricted access to Critical Energy Infrastructure Information, though there has never been a documented deliberate leak of such information under the current rules.

Share This Insight

Previous Entries

Speaking Energy

March 4, 2025

Join projects & energy transition partner Shariff Barakat at Infocast’s Solar & Wind, where he will moderate the “Tax Equity Market Dynamics” panel.

...

Read More

Speaking Energy

February 13, 2025

Oil & gas companies continue to identify and capitalize on opportunities related to the deployment of new energy technologies, with their approaches broadly maturing and coalescing around maximizing synergies, leveraging available subsidies and responding to regulatory drivers.

...

Read More

Speaking Energy

February 11, 2025

On January 30, 2025, the Federal Energy Regulatory Commission (FERC or the Commission) approved a Stipulation and Consent Agreement (Agreement) between the Office of Enforcement (OE) and Stronghold Digital Mining Inc. (Stronghold) resolving an investigation into whether Stronghold had violated the PJM Interconnection, L.L.C. (PJM) tariff and Commission regulations by limiting the quantity of energy made available to the market to serve a co-located Bitcoin mining operation.1 This order appears to be the first instance of a public enforcement action involving co-located load and generation and comes at a time when both FERC and market operators2 are scrutinizing the treatment of co-located load due to the rapid increase in demand associated with data center development.

...

Read More

Speaking Energy

February 5, 2025

2024 was about post-consolidation deal flow and a steady uptick in activity across the oil & gas market. This year, mergers & acquisitions (M&A) activity looks set to take on a different tone as major consolidation plays bed down.

...

Read More

Speaking Energy

January 30, 2025

The oil & gas industry is experiencing a capital resurgence, driven by stabilizing interest rates and renewed attention from institutional investors. Private equity is leading the charge with private credit filling the void in traditional energy finance and hybrid capital instruments gaining in popularity. Family offices are also playing a crucial role, providing long-term, flexible investments.

...

Read More

Speaking Energy

January 23, 2025

Under a second Trump presidency, the U.S. is expected to consider reversal of many of the Biden administration’s climate and environmental policies, in addition to a markedly different approach to trade policy and oil & gas regulation. This includes expanding oil & gas development on public lands and offshore, lifting the pause on liquified natural gas (LNG) exports to non-Free Trade Agreement countries and repealing the methane fee.

...

Read More

Speaking Energy

January 15, 2025

We are pleased to share a recording of Akin’s recently presented webinar, “Drilling Down: What Oil & Gas Companies Can Expect from Federal Agencies During Trump’s Second Administration.”

...

Read More

Speaking Energy

January 9, 2025

On January 6, 2025, the Federal Energy Regulatory Commission (FERC) issued a Final Rule to amend its regulations governing the maximum civil monetary penalties assessable for violations of statutes, rules and orders within FERC’s jurisdiction. The Final Rule is a result of the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015, which requires each federal agency to issue an annual inflation adjustment by January 15 for each civil monetary penalty provided by law within the agency’s jurisdiction. The adjustments in the Final Rule represent an increase of approximately 2.6% for each covered maximum penalty. FERC’s adjusted maximum penalty amounts, which will apply at the time of assessment of a civil penalty regardless of the date on which the violation occurred, are set forth here and will become effective upon publication in the Federal Register.

...

Read More

© 2025 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.