Murkowski Addresses the Importance of Cyber Security Legislation

WASHINGTON, D.C. – U.S. Sen. Lisa Murkowski, R-Alaska, at a hearing of the Senate Energy and Natural Resources Committee on Thursday addressed the importance of working with the electric industry to improve the nation’s cyber security.

“The danger posed to our nation’s electricity infrastructure from a possible cyber attack is clear and should prompt Congress to provide government agencies with the authority to respond to such threats and vulnerabilities in a timely manner,” Murkowski said.

The Energy Committee is one of seven Senate committees examining the cyber issue. The Energy Committee is considering a measure that would improve cyber security in partnership with the nation’s electricity providers, which is the only industry with mandatory and enforceable cyber security standards.

“We will continue to work with the electric industry and other stakeholders to improve security of the national grid,” Murkowski said. “One area that must not be overlooked is the timely sharing of information between the government and our partners in the private sector on potential threats.”

“The measure we are considering today is just one piece of the cyber security issue. A number of other committees are looking at related issues,” Murkowski said. “We will do our part on this committee by working to report out the electricity portion, and if the full Senate decides to take a comprehensive approach on cyber legislation, we will work with other committees and Senate leadership to fit our piece into a broader bill.”

Background on Discussion Draft

The draft legislation aims to provide the Federal Energy Regulatory Commission (FERC) and the Department of Energy with tools to address known risks and weaknesses, as well as future threats, to the electric grid. It also incorporates Section 215 of the 2005 Energy Policy Act, which tasked an electric reliability organization (NERC) with developing mandatory, enforceable reliability standards in partnership with industry stakeholders.

The discussion draft authorizes FERC to:

  • Determine whether the existing suite of reliability standards is adequate to protect critical electric infrastructure from cyber security vulnerabilities.
  • Require NERC to submit a proposed reliability standard (or modification to an existing standard) that adequately protects critical electric infrastructure from cyber security vulnerabilities, if FERC determines that the existing suite of reliability standards is inadequate.
  • Issue an interim final rule that adequately protects critical electric infrastructure from cyber security vulnerabilities if NERC fails to do so.

The discussion draft authorizes the Secretary of Energy to:

  • Take action, with or without notice, that will best avert or mitigate a cyber security threat if it’s determined that immediate action is necessary.  Such action is applicable to persons subject to FERC jurisdiction and is limited to a 90-day period.