The Senate on Wednesday approved a wide-ranging energy bill that would give the government more power to protect the electric grid from cyberattacks.
The energy bill — which passed by an 85-12 vote — had long-standing, broad support but was delayed for more than two months amid partisan bickering over the inclusion of emergency funds to help Flint, Mich., battle the lead contamination in its water supply.
The thick bill includes an extensive section dedicated to better securing the nation’s electric grid, which officials and experts say remains dangerously exposed to foreign cyber spies and hackers.
The cyber passages would give the Department of Energy (DOE) greater power to intervene during a cyber crisis, authorize funds through 2025 to establish cyber-testing programs and conduct cyber research and better delineate the DOE’s overall role in defending the grid from digital intrusions.
The section would be a significant addition over the last energy bill that passed Congress in 2007. That legislation contained only passing references to cybersecurity.
Primarily, the 2016 bill would allow the president to determine when “immediate action” is needed to protect the power grid from hackers and direct the DOE to step in. The Energy secretary would then have the authority to tell electric companies what to do.
More broadly, the legislation better delineates the DOE’s cyber responsibilities as part of Congress’s efforts in recent years to decide which federal agencies are best suited to handle various digital security concerns.
The measure emphasizes that DOE is the primary cybersecurity agency for the energy sector, serving as the “day-to-day federal interface” for companies that control the power grid.
To execute this mission, the bill would authorize $100 million each year through 2025 to conduct research and develop digital defense testing programs. The bulk of the money, $65 million a year, would go toward a program that would identify whether energy sector products are vulnerable to known cyber threats.
Protecting the U.S. power grid has rapidly become a top priority for officials, as hackers increasingly set their sights on poorly defended electric grids around the world.
Hackers already target the domestic energy sector more than any other critical infrastructure industry, according to the most recent government report. There are more reported cyber incidents in the energy industry than in healthcare, finance, transportation, water and communications combined.
Suspected Russian hackers last December even caused a power outage in Ukraine that affected 225,000 people, putting energy companies everywhere on edge. The incident is believed to be the first time hackers have caused a widespread blackout.
The Senate and House will now work to combine their two versions of the energy bill. The lower chamber passed its companion legislation in December.