The United States Congress is currently considering several bills addressing cybersecurity issues. Below are brief summaries of four such bills.
The Grid Reliability and Infrastructure Defense (“GRID”) Act
The GRID Act was passed by the House of Representatives on June 9, 2010. This bill would amend the Federal Power Act to grant the Federal Energy Regulatory Commission (“FERC”) authority to issue emergency orders requiring critical infrastructure facility operators to take actions necessary to protect the bulk power system. Prior to FERC issuing such an order, the President would have to issue a written directive to FERC identifying an imminent threat to the nation’s electric grid. FERC would be required to consult with federal agencies or facility operators before issuing an emergency order only “to the extent practicable” in light of the nature of the threat. The GRID Act is being considered by the Senate Committee on Energy and Natural Resources at this time.
Protecting Cyberspace as a National Asset Act of 2010
The Senate Homeland Security and Government Affairs Committee passed the Protecting Cyberspace as a National Asset Act of 2010 on June 24, 2010. The bill is a comprehensive, multi-sector bill requiring the Department of Homeland Security (“DHS”) to coordinate its response to cyber emergencies with agencies and regulators that have jurisdiction over critical energy infrastructure. The critical energy infrastructure to be protected would be classified and would require higher levels of security for assets that are at higher risk of a cyber attack. The Protecting Cyberspace as a National Asset Act of 2010 aims to leverage the utility expertise of public-private partnerships and the law enforcement and intelligence gathering expertise of DHS to assess threat levels before requiring action that could have operational consequences for the nation’s electric grid. A companion bill has not yet been introduced in the House of Representatives.
The American Clean Energy Leadership Act
The American Clean Energy Leadership Act was passed by the Senate Energy and Natural Resources Committee on July 16, 2009. It was a likely candidate for passage (either by itself or as part of a broader energy package) until climate change negotiations broke down in the Senate. The American Clean Energy Leadership Act would amend the Federal Power Act to grant FERC authority to issue emergency orders without notice or hearing in order to protect the electric grid from “cybersecurity vulnerabilities,” which are defined as weaknesses or flaws in design or operation that expose the energy grid to cybersecurity threats. The bill would grant the Secretary of Energy similar authority to issue emergency orders in the event of an imminent threat that could disrupt the operation of the nation’s electric grid. Unlike the GRID Act, The American Clean Energy Leadership Act would grant FERC the authority to issue orders only to electric infrastructure operators, and would not be contingent on a presidential directive.
The Cybersecurity Enhancement Act of 2010
The Cybersecurity Enhancement Act of 2010 was the first major cybersecurity bill to reach the floor of either house in the 111th Congress. This bill, which has broad bipartisan support, passed the House of Representatives on February 4, 2010. This bill differs from other cybersecurity legislation because it does not create emergency government authority for cybersecurity threats, nor does it specifically address the energy or utility industries. Instead, the Cybersecurity Enhancement Act of 2010 charges the National Institute of Standards and Technology and the National Science Foundation with addressing several issues pertaining to cybersecurity, including: 1) public education and security awareness; 2) interoperability and standards; 3) research and development investment objectives; and 4) cybersecurity workforce development. The Cybersecurity Enhancement Act of 2010 is currently under consideration in the Senate Committee on Commerce, Science and Transportation.