House Passes Cybersecurity Legislation to Protect America’s Energy Sector, Infrastructure From Hackers

House Passes Cybersecurity Legislation to Protect America’s Energy Sector, Infrastructure From Hackers
Secretary of Energy Jennifer Granholm takes questions during a media briefing at the White House in Washington on Nov. 23, 2021. (Evelyn Hockstein/Reuters)
Naveen Athrappully

The House approved legislation on July 27 that seeks to address the issue of increasing cyber threats to U.S. energy infrastructure by providing grants to university students specializing in cybersecurity.

H.R. 7569, also called the “Energy Cybersecurity University Leadership Act of 2022,” was passed with a package of other measures in a 336–90 vote.

The legislation directs the secretary of energy to create a grant program to "provide financial assistance to graduate students and postdoctoral researchers pursuing certain courses of study relating to cybersecurity and energy infrastructure.”

Energy Secretary Jennifer Granholm will be tasked with providing traineeship and research experiences to students and researchers at utilities and national labs owned by the Department of Energy.

“The United States has witnessed an alarming rise in cybersecurity threats and attacks against our energy infrastructure, including in my home state of North Carolina,” Rep. Deborah Ross (D-N.C.) said in a statement, according to The Hill.

“Our constituents rely on dependable energy sources for their lives and their livelihoods, and we cannot afford continued exposure to these types of attacks.”

Ross and Rep. Mike Carey (R-Ohio) co-sponsored the legislation in the House.

It states that integrating cybersecurity considerations into the research, design, and development of energy infrastructure will be a cost-effective way to secure U.S. electric grids, oil and gas pipelines, and other generation, transmission, and distribution systems.

After one year, Granholm must submit a report on the development and implementation of the program to the House Committee on Science, Space, and Technology and the Senate Committee on Energy and Natural Resources.

Defending Against Ransomware, Other Attacks

The legislation was inspired by a spate of attacks on U.S. energy infrastructure over the past year, including the ransomware attack on the Colonial Pipeline in May 2021, an attempt to poison a water treatment plant in Florida in February 2021, and a cyberattack against the Port of Houston in August 2021.

The Colonial Pipeline ransomware attack forced the company to shell out 75 bitcoins, worth about $4.4 million, to the hackers in a bid to get the pipeline system back online.

“It was the hardest decision I’ve made in my 39 years in the energy industry, and I know how critical our pipeline is to the country, and I put the interests of the country first,” Colonial Pipeline President and CEO Joseph Blount told a Senate panel in June 2021.

The legislation also comes as federal agencies are asking companies operating in critical industries to boost their cyber defenses because of the threat of Russian cyberattacks.

Another measure included in the legislation package approved on July 27 was the RANSOMWARE Act, an acronym for “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies."

The RANSOMWARE Act asks the U.S. Federal Trade Commission to provide a biennial report on ransomware and other cyberattacks from foreign groups or governments against U.S. targets, with a specific focus on Russia, China, North Korea, and Iran.