<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Waterfall Security Solutions &#187; From the Web</title>
	<atom:link href="http://www.waterfallsecurity.com/category/knowledge/from-the-web/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.waterfallsecurity.com</link>
	<description>Waterfall Security Solutions</description>
	<lastBuildDate>Tue, 31 Aug 2010 10:44:26 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>New threat: Hackers look to take over power plants</title>
		<link>http://www.waterfallsecurity.com/new-threat-hackers-look-to-take-over-power-plants/</link>
		<comments>http://www.waterfallsecurity.com/new-threat-hackers-look-to-take-over-power-plants/#comments</comments>
		<pubDate>Thu, 05 Aug 2010 07:58:52 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=2014</guid>
		<description><![CDATA[
Computer hackers have begun targeting power plants and other critical operations around the world in bold new efforts to seize control of them, setting off a scramble to shore up aging, vulnerable systems.
Cyber criminals have long tried, at times successfully, to break into vital networks and power systems. But last month, experts for the first [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignnone size-full wp-image-610" title="AP_Logo" src="http://www.waterfallsecurity.com/wp-content/uploads/2009/11/AP_Logo.JPG" alt="" width="310" height="86" /></p>
<p>Computer hackers have begun targeting power plants and other critical operations around the world in bold new efforts to seize control of them, setting off a scramble to shore up aging, vulnerable systems.</p>
<p>Cyber criminals have long tried, at times successfully, to break into vital networks and power systems. But last month, experts for the first time discovered<span id="more-2014"></span> a malicious computer code — called a worm — specifically created to take over systems that control the inner workings of industrial plants.</p>
<p>In response to the growing threat, the Department of Homeland Security has begun building specialized teams that can respond quickly to cyber emergencies at industrial facilities across the country.</p>
<p>As much as 85 percent of the nation&#8217;s critical infrastructure is owned and operated by private companies, ranging from nuclear and electric power plants to transportation and manufacturing systems. Many of the new attacks have occurred overseas, but the latest episode magnified worries about the security of plants in the U.S.</p>
<p>&#8220;This type of malicious code and others we&#8217;ve seen recently are actually attacking the physical components, the devices that open doors, close doors, build cars and open gates,&#8221; said Sean McGurk, director of control systems security for Homeland Security. &#8220;They&#8217;re not just going after the ones and zeros (of a computer code), they&#8217;re going after the devices that actually produce or conduct physical processes.&#8221;</p>
<p>Officials have yet to point to any operating system that has been compromised by the latest computer worm. But cyber experts are concerned that attacks on industrial systems are evolving.</p>
<p>In the past, it was not unusual to see hackers infiltrate corporate networks, breaking in through gaps and stealing or manipulating data. The intrusions, at times, could trigger plant shutdowns. The threat began to escalate last year, with cyber criminals exploiting weaknesses in systems that control what the industries do.</p>
<p>The latest computer worm, dubbed Stuxnet, was an even more alarming progression. Now hackers are creating codes to actually take over the critical systems.</p>
<p>In many cases, operating systems at power plants and other critical infrastructure are decades old. Sometimes they are not completely separated from other computer networks used by companies to run administrative systems or even access the Internet.</p>
<p>Those links between the administrative networks and the control systems provide gateways for hackers to insert malicious codes, viruses or worms into the programs that operate the plants.</p>
<p>Sitting in his office not far from Homeland Security&#8217;s new state-of-the-art cyber operations center, McGurk recently held out a small blue computer flash drive containing the destructive Stuxnet worm.</p>
<p>Experts in Germany discovered the worm, which has since shown up in a number of attacks — primarily in Iran, Indonesia, India, and the U.S., according to Microsoft. Stuxnet had tried to infect as many as 6,000 computers, as of July 15, according to Microsoft data.</p>
<p>German officials transmitted the malware to the U.S. through a secure network, and experts at the Energy Department&#8217;s Idaho National Laboratory began to analyze it.</p>
<p>In plain terms, the worm was able to burrow into some operating systems that included software designed by Siemens AG, by exploiting a vulnerability in several versions of Microsoft Windows.</p>
<p>On Monday, Microsoft released another update to address the problem, and Siemens has taken similar steps.</p>
<p>Annual reports issued by Homeland Security and the Department of Energy have detailed weaknesses in the industrial computer systems, and have repeatedly pressed companies to improve security practices. Reports as recently as this May urged companies to routinely download patches to update software, change and improve passwords, carefully restrict access to critical systems and use firewalls to separate commonly used networks from those that control key systems.</p>
<p>A successful attack against critical control systems, the Energy Department warned in its May report, &#8220;may result in catastrophic physical or property damage and loss.&#8221;</p>
<p>Over the past year, Homeland Security has quietly been deploying teams of experts around the country to assess weaknesses in industrial control systems. The agency has created four teams and — with a budget scheduled to increase from $10 million this year to $15 million next year — has plans to grow to 10 teams in 2011.</p>
<p>The teams are armed with a $5,000 kit: a black, suitcase-sized bag crammed with cables, converters, data storage and high-tech computer forensic tools. With that equipment, they can download the problem malware, analyze it and work with the companies to correct or clean their systems.</p>
<p>So far, said McGurk, the teams have done 50 assessments and have been dispatched 13 times to investigate and help correct cyber incidents and attacks. Nine of those cases involved some type of deliberate cyber intrusion, while the other four were the unintended result of an operator&#8217;s action.</p>
<p>In one of the nine intrusion cases, a company representative had gone to a conference and had the presentation documents downloaded onto a computer flash drive.</p>
<p>One of the files was infected with the Mariposa botnet, a malicious software code that has infected 12 million computers worldwide, including hundreds of companies and at least 40 major banks in 190 countries since appearing in December 2008.</p>
<p>When the man returned to his office and connected his laptop to the company&#8217;s network, the botnet spread, eventually affecting nearly 100 computers.</p>
<p>A Homeland Security team was called in and helped the company evaluate the problem and begin to clear up the system.</p>
<p><a href="http://www.google.com/hostednews/ap/article/ALeqM5h7lX0JoE1AGngQoEfWWmCM6THizQD9HC86L80" target="_blank">View the article</a></p>
<p>By Lolita C. Baldor (AP)</p>
<p>Google.com, August, 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/new-threat-hackers-look-to-take-over-power-plants/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>DHS Ramping Up Defense of Critical Control Systems</title>
		<link>http://www.waterfallsecurity.com/dhs-ramping-up-defense-of-critical-control-systems/</link>
		<comments>http://www.waterfallsecurity.com/dhs-ramping-up-defense-of-critical-control-systems/#comments</comments>
		<pubDate>Thu, 05 Aug 2010 08:07:19 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=2017</guid>
		<description><![CDATA[
The discovery of the first worm to target networks controlling power plants has prompted an expansion of specialized forensic teams to combat the cybersecurity threat.
The Department of Homeland Security (DHS) plans to ramp up a program that sends specialized forensic teams to combat the cybersecurity threat on U.S. critical control systems, such as those [...]]]></description>
			<content:encoded><![CDATA[<p><strong><img class="alignnone size-full wp-image-2018" title="InformationWeek_Logo" src="http://www.waterfallsecurity.com/wp-content/uploads/2010/08/InformationWeek_Logo.gif" alt="" width="365" height="43" /></strong></p>
<p><strong>The discovery of the first worm to target networks controlling power plants has prompted an expansion of specialized forensic teams to combat the cybersecurity threat.</strong></p>
<p>The Department of Homeland Security (DHS) plans to ramp up a program that sends specialized forensic teams to combat the cybersecurity threat on U.S. critical control systems<span id="more-2017"></span>, such as those that control power plants, industrial facilities and air-traffic control systems.</p>
<p>For the past year, the DHS has sent out four special teams &#8212; collectively a part of the Industrial Control System Computer Emergency Readiness Team &#8212; on missions to examine these systems to determine threats and respond to technical-support calls from private-sector partners.</p>
<p>However, the department plans to expand the program next year, a move that coincides with the discovery last month of the first worm designed to specifically attack such systems.</p>
<p>&#8220;There is no shortage of demand for this service from the DHS among our partners in the private sector,&#8221; said DHS spokesman Amy Kudwa Wednesday. &#8220;That there has been this worm that is specifically focused on control systems only solidifies our focus on expanding this program.&#8221;</p>
<p>The system attacked was based on technology from Microsoft and Siemens, which have developed patches for the worm, she added.</p>
<p>The worm attacked four systems, none of which were in the U.S. However, its presence is enough to put the DHS on alert for more direct attacks on critical systems.</p>
<p>The specialized control-system teams &#8212; which fall under the purview of the National Cybersecurity Division (NCSD), part of the DHS Office of Cybersecurity and Communications &#8212; went on 13 missions last year armed with a $5,000 case full of specialized forensic technology to identify malware on control systems.</p>
<p>The expansion of the NCSD&#8217;s budget for the program from $10 million to $15 million is meant to increase the number of teams available for these service calls from four to 10 in 2011.</p>
<p>Response to the threat on critical control systems is not new. The DHS has been keeping a close eye on them and published reports about how to address vulnerabilities for about five years. The systems are high risk given that they are often built on outdated technology that does not have the same security level as newer systems.</p>
<p>Earlier this month, the Wall Street Journal revealed that the National Security Agency (NSA), too, is expanding its interest in protecting control systems. The agency is set to launch a program specifically aimed at assessing vulnerabilities and developing capabilities to secure them.</p>
<p>While the government&#8217;s interest in these systems is aimed at keeping crucial systems protected and online in the event of a cyberattack, it also has raised questions of privacy and just exactly what the government&#8217;s role should be in protecting privately owned networks.</p>
<p><a href="http://www.informationweek.com/government/index.jhtml" target="_blank">View the article</a></p>
<p>By Elizabeth Montalbano</p>
<p>Information Week, August 4, 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/dhs-ramping-up-defense-of-critical-control-systems/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Siemens Gets Attacked by Trojan</title>
		<link>http://www.waterfallsecurity.com/siemens-gets-attacked-by-trojan/</link>
		<comments>http://www.waterfallsecurity.com/siemens-gets-attacked-by-trojan/#comments</comments>
		<pubDate>Mon, 02 Aug 2010 10:06:31 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=2003</guid>
		<description><![CDATA[
In the USA today, Siemens is strongly warning its users that Trojan, which is the name of a certain malware program, is directly targeting PCS 7 as well as Simatic WinCC. This virus is further distributed with the use of USB memory sticks. The sad part is that it is very good at taking advantage [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignnone size-full wp-image-2005" title="techgenie_logo" src="http://www.waterfallsecurity.com/wp-content/uploads/2010/08/techgenie_logo.png" alt="" width="400" height="60" /></p>
<p>In the USA today, Siemens is strongly warning its users that Trojan, which is the name of a certain malware program, is directly targeting PCS 7 as well as Simatic WinCC. This virus is further distributed with the use of USB memory sticks. The sad part is that it is very good at taking advantage of the present vulnerabilities of Microsoft security.<span id="more-2003"></span></p>
<p>As reported, the malware has negative results on all of the Windows computers, especially from XP on up.</p>
<p>Unfortunately, merely one click to view the contents of a particular USB memory stick can end up activating the Trojan virus. This is why Siemens recommends that its users, as much as possible, avoid using a USB memory stick on multiple personal computers, especially those that are running the WinCC software.</p>
<p><strong>The Virus</strong></p>
<p>This malicious code has been named W32 or Stuxnet-B. It propagates through USB drives that have been infected with malformed shortcut .lnk files. The code is activated when the user inserts the memory stick and then clicks to view the contents of that USB stick using Windows Explorer or some other application that displays the icons of the files.</p>
<p>Although its main target is WinCC, it can still target any Windows system, as long as it is capable of accepting removable media. The code seems to rely largely on an undisclosed vulnerability in how Windows .lnk files are handled.</p>
<p><strong>Smart Malware</strong></p>
<p>It is quite smart, actually, since it is well aware that it needs to bypass the readily installed Microsoft controls that make sure that drivers are to be signed digitally. Being a smart malicious code as it is, its creators made sure that it contained the digital signature of Realtek Semiconductor Corp. This way, it could gain all access entry.</p>
<p>With this virus up and coming on Siemens gadgets, the company decided to take all precautions in order to alert its loyal clients to the possible dangers of this aforementioned malware. The sales team has already been informed, and the company’s customer representatives will be speaking directly to the clients in order to fully and genuinely explain the given circumstances. As the first warning, Siemens tells their users to actively check their computer’s systems, especially ones that have been installed with WinCC.</p>
<p>To date, a trio of highly effective virus scan programs has already been recommended for systems that are under Siemens. They are, namely, Symantec, Trend Micro, and McAfee, which also happen to be the best virus scan programs in the entire market. Additionally, their latest versions or upgrades are also the best when it comes to successfully detecting Trojan.</p>
<p>Deploying such virus scan programs on Runtime environment can have some unexpected results. To date, these results are still being investigated fully in order for everyone to obtain further understanding on the matter. Still, experts are pretty much verbal in implying that approval will be issued very shortly.</p>
<p><a href="http://techgenie.com/security/siemens-gets-attacked-by-trojan/" target="_blank">View the article</a></p>
<p>Tech Genie, August 2, 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/siemens-gets-attacked-by-trojan/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Siemens SCADA systems under attack by information stealing worm</title>
		<link>http://www.waterfallsecurity.com/siemens-scada-systems-under-attack-by-information-stealing-worm/</link>
		<comments>http://www.waterfallsecurity.com/siemens-scada-systems-under-attack-by-information-stealing-worm/#comments</comments>
		<pubDate>Thu, 05 Aug 2010 07:49:40 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=2008</guid>
		<description><![CDATA[
The recently discovered Stuxnet worm that contains the password for Siemens&#8217; SCADA systems is wreaking havoc around the world.
The Simatic WinCC SCADA system, which runs on Windows and is used by many utilities and factories, uses a database that is protected by a hard-coded password that has been publicly revealed on a couple of forums [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignnone size-full wp-image-2009" title="HelpNetSecurity_Logo" src="http://www.waterfallsecurity.com/wp-content/uploads/2010/08/HelpNetSecurity_Logo.gif" alt="" width="210" height="77" /></p>
<p>The recently discovered Stuxnet worm that contains the password for Siemens&#8217; SCADA systems is wreaking havoc around the world.</p>
<p>The Simatic WinCC SCADA system, which runs on Windows and is used by many utilities and factories, uses a database that is protected by a hard-coded password that has been publicly revealed on a couple of forums <span id="more-2008"></span>back in 2008.</p>
<p>The worm takes advantage of a yet unpatched Windows vulnerability affecting the way that Windows handles shortcut files, which allows it to spread via CDs, USB sticks or file-sharing among computers in a network.</p>
<p>If it finds SCADA software, the worm proceeds to enter the database and search project files, then tries to copy them to an external website. If it fails to find said software, it simply copies itself somewhere on the system and lies dormant.</p>
<p>This particular worm is obviously intent on stealing all the information about the way that these companies work &#8211; counterfeiters will have a field day with it.</p>
<p>The worm is spreading like fire &#8211; Symantec registers some 9,000 attempts of infection per day. SCADA users are panicking and consider changing the hard-coded password.</p>
<p>Siemens recommends against it, as it could disrupt the whole system. According to <a href="http://www.networkworld.com/news/2010/072010-after-worm-siemens-says-dont.html" target="_new">Network World</a>, they promise to publish a customer guidance document soon, but they say that the solution will definitely now involve a change of password. They also mean to set up a website that will offer details about the worm.</p>
<p>In the meantime, Microsoft has released a security advisory regarding the vulnerability, and advises users to disable icons from being displayed for shortcuts and/or disable the WebClient service.</p>
<p>Siemens&#8217; spokesman Michael Krampe said that the company &#8220;has started to develop a solution, which can identify and systematically remove the malware,&#8221; but didn&#8217;t offer a date for the release of the software.</p>
<p><a href="http://www.net-security.org/malware_news.php?id=1408" target="_blank">View the article</a></p>
<p>By Zeljka Zorz</p>
<p>Help Net Security, July 20, 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/siemens-scada-systems-under-attack-by-information-stealing-worm/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cyber attack &#8220;war game&#8221;</title>
		<link>http://www.waterfallsecurity.com/cyber-attack-war-game/</link>
		<comments>http://www.waterfallsecurity.com/cyber-attack-war-game/#comments</comments>
		<pubDate>Thu, 25 Feb 2010 09:34:59 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=1789</guid>
		<description><![CDATA[
Security experts launch a cyber attack &#8220;war game&#8221; to test the nation&#8217;s cyber security defenses.
View the article
CNN, February 16, 2010
]]></description>
			<content:encoded><![CDATA[<p><a rel="attachment wp-att-1790" href="http://www.waterfallsecurity.com/cyber-attack-war-game/cnnlogo/"><img class="alignnone size-full wp-image-1790" title="CNNLogo" src="http://www.waterfallsecurity.com/wp-content/uploads/2010/02/CNNLogo.GIF" alt="CNNLogo" width="119" height="82" /></a></p>
<p>Security experts launch a cyber attack &#8220;war game&#8221; to test the nation&#8217;s cyber security defenses.<span id="more-1789"></span></p>
<p><a href="http://www.cnn.com/video/#/video/tech/2010/02/16/am.interview.cyber.attacks.cnn?iref=allsearch" target="_blank">View the article</a></p>
<p>CNN, February 16, 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/cyber-attack-war-game/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Report: Critical Infrastructures Under Constant Cyberattack Globally</title>
		<link>http://www.waterfallsecurity.com/report-critical-infrastructures-under-constant-cyberattack-globally/</link>
		<comments>http://www.waterfallsecurity.com/report-critical-infrastructures-under-constant-cyberattack-globally/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 13:33:38 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=1724</guid>
		<description><![CDATA[
Critical infrastructure systems around the world are the targets of repeated cyberattacks, according to a new global survey of technology executives in these industries. They believe some of the attacks are coming not just from individual cybercriminals but terrorists and foreign nation states.
The United States and China are believed to be the most likely countries [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignnone size-full wp-image-1725" title="wired_logo" src="http://www.waterfallsecurity.com/wp-content/uploads/2010/02/wired_logo.gif" alt="wired_logo" width="239" height="49" /></p>
<p>Critical infrastructure systems around the world are the targets of repeated cyberattacks, according to a new global survey of technology executives in these industries. They believe some of the attacks are coming not just from individual cybercriminals but terrorists and foreign nation states.</p>
<p>The United States and China are believed <span id="more-1724"></span>to be the most likely countries to conduct a cyberattack against the critical infrastructure of another nation, according to the respondents. Companies and agencies operating in the banking and finance sectors, energy and natural resources, telecommunications and internet service providers, transportation and mass transit, chemical production and storage, food distribution and government services are considered critical infrastructure companies.</p>
<p>The attacks that are occurring include massive denial of service attacks, stealthy efforts to penetrate networks undetected, DNS poisoning, SQL injection attacks and malware infections. The aims of the attacks vary from shutting down services or operations to theft of services and data or extortion attempts.</p>
<p>Among the more serious findings in the report is that some of the most sensitive critical infrastructure entities around the world, such as those for energy and natural-resource industries (such as water and sewage plants), are some of the least secure. For example, 80 percent of executives working for entities that use SCADA (supervisory control and data acquisition) or Industrial Control Systems say their systems are connected to the internet or some other IP network, putting them at possible risk of intrusion. Executives at water and sewage facilities also reported having the lowest level of security measures in place.</p>
<p>About 55 percent of respondents in the energy and power and the oil and gas sectors reported that the attackers most often targeted the SCADA or other operational control systems, although the survey offers no indication of how successful these attacks were. Only 57 percent of respondents across all sectors said their organization installed security patches and updated software on a regular schedule.</p>
<p>The report, “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” was commissioned by anti-virus firm McAfee and coordinated by the Center for Strategic and International Studies in Washington, DC. It was led by Stewart Baker, a visiting fellow with CSIS and former assistant secretary for policy at the Department of Security during the last Bush administration. Baker was also general counsel for the National Security Agency from 1992 to 1994.</p>
<p>The survey involved 600 IT and security executives in critical infrastructure industries in 14 countries, including financial, transportation and mass transit, energy and natural resources, telecoms and ISPs. The executives surveyed have responsibilities in information technology, security and operational control systems. The release of the report was timed to coincide with the World Economic Forum being held through the end of January in Davos, Switzerland, and follows on the heels of a serious and coordinated cyberattack conducted against Google, Adobe and other U.S. companies in the finance, technology and defense industries.</p>
<p>The report is believed to be the first of its kind to examine the security of critical infrastructures around the world, although it has a number of shortcomings that the coordinators don’t address. Many of the findings, for example, are provided without elaboration, making it difficult to know what the survey participants meant in their responses. For example, the report indicates that large-scale DDoS attacks had a particularly severe effect in the energy and power and water and sewage sectors, but doesn’t elaborate on what consequences were suffered as a result of these attacks.</p>
<p>Also, the report states that attacks are “often from high-level adversaries like foreign nation-states” but doesn’t indicate how this is known when attribution in cyberspace is often impossible to determine. About 75 percent of executives in China believe foreign governments have been involved in cyberattacks against critical infrastructure in that country, while 60 percent in the U.S. believe this is the case.</p>
<p>In a conference call, the organizers of the survey acknowledged that respondents who indicated that foreign-nation states were behind attacks were not asked how they knew attacks against them came from nation states. The organizers said the respondents were likely basing their responses simply on perceptions gained from news reports rather than firsthand knowledge of the source of attacks.</p>
<p>More than half of executives surveyed (54 percent) said they suffered large-scale DDoS attacks and stealthy infiltration attacks by high level adversaries, such as organized crime, terrorists or nation-state actors. Nearly 30 percent of those surveyed reported suffering large-scale DDoS attacks multiple times each month, with about 64 percent saying the attacks impacted their operations in some way, such as interfering with website operations, e-mail servers or phone systems.</p>
<p>Of those that suffered sensitive data leaks and loss from network intrusions, 15 percent said the impact was serious, while 4 percent said it was critical. The most common target in such attacks was financial information, with a little more than half reporting that this was the aim of intruders. The least common target was password and login information, which was targeted in only 21 percent of attacks. Although the report doesn’t note this, in order to get to financial data, intruders often obtain password and login credentials at some point in their intrusion. So while the password and login may not be the final target, it is often a means to the target.</p>
<p>One in five respondents said they were the victim of extortion through a cyberattack or threatened cyberattack within the last two years. Extortion was most common in India, the Middle East, China and France and rarest in the U.S. and U.K. Again, the survey provides little elaboration other than to point to now disputed media reports attributing power outages in Brazil in 2005 and 2007 to hackers.</p>
<p>These incidents were reported last year by <em>60 Minutes</em>. The <em>60 Minutes </em>story, however, has been harshly criticized privately by a number of the show’s own sources, who say it was based on rumor, and has been denied by the Brazilian government. Brazil released a report attributing the outage in 2007 to soot-covered insulators.</p>
<p>The <em>60 Minutes</em> story was based in part on information from CSIS’ own James Lewis, a senior fellow in its technology and public policy program. So, citing disputed media reports to support extortion claims when those media reports were in part the result of disputed information provided by CSIS is a curious move.</p>
<p>With regard to securing against attack, critical infrastructure entities in China have the highest rate of adopting strong security measures such as encryption, user authentication and strict security policies. About 62 percent of Chinese executives said such measures were in place, while only 53 percent in the U.S. indicated this.</p>
<p>The adoption of strong security measures, however, didn’t necessarily translate to better protection from high-level attacks. For example, although China has a high adoption rate for security technologies and policies, it “is not notably free from high-level attacks,” says the report.</p>
<p>Among the 600 respondents to the survey, 100 are based in the United States; there are 50 respondents each in Japan, China, Germany, France, the U.K. and Italy; another 30 each are in Russia, Spain, Australia, Brazil, Mexico and India; and 20 are in Saudi Arabia. The sectors most represented in the survey are the banking and finance sector and government services. Each of these sectors had 145 respondents. The oil and gas, energy and power, transportation and mass-transit, and telecommunications sectors had representatives ranging from 59 to 82 respondents. Only 23 respondents come from the water and sewage sector.</p>
<p><a href="http://www.wired.com/threatlevel/2010/01/csis-report-on-cybersecurity/" target="_blank">View the article</a></p>
<p>By Kim Zetter</p>
<p>Wired, January 28, 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/report-critical-infrastructures-under-constant-cyberattack-globally/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>In the Crossfire: Critical Infrastructure in the Age of Cyber War</title>
		<link>http://www.waterfallsecurity.com/in-the-crossfire-critical-infrastructure-in-the-age-of-cyber-war/</link>
		<comments>http://www.waterfallsecurity.com/in-the-crossfire-critical-infrastructure-in-the-age-of-cyber-war/#comments</comments>
		<pubDate>Thu, 04 Feb 2010 08:53:52 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=1733</guid>
		<description><![CDATA[
In an ever more networked world, the cyber vulnerabilities of critical infrastructure pose challenges to governments and owners and operators in every sector and across the globe. With the global economy still fragile after last year’s financial crisis, assuring the integrity and availability of key national industries may fall out of focus as a government [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignnone size-full wp-image-1734" title="McAfee_logo" src="http://www.waterfallsecurity.com/wp-content/uploads/2010/02/McAfee_logo.PNG" alt="McAfee_logo" width="124" height="32" /></p>
<p>In an ever more networked world, the cyber vulnerabilities of critical infrastructure pose challenges to governments and owners and operators in every sector and across the globe. With the global economy still fragile after last year’s financial crisis, assuring the integrity and availability of key national industries may fall out of focus as a government <span id="more-1733"></span>priority, but will remain a key determinant of strategic vulnerability.</p>
<p>Six hundred IT and security executives from critical infrastructure enterprises across seven sectors in 14 countries all over the world anonymously answered an extensive series of detailed questions about their practices, attitudes and policies on security—the impact of regulation, their relationship with government, specific security measures employed on their networks, and the kinds of attacks they face.</p>
<p>Critical infrastructure owners and operators report that their IT networks are under repeated cyberattack, often by high-level adversaries. The impact of such attacks is often severe, and their cost is high and borne widely. Although executives generally report satisfaction with the resources they have for security, recession-driven cuts have been widespread and sometimes deep. And there is concern about how well-prepared critical infrastructure is to deal with large-scale attacks.</p>
<p>By gathering details on the actual security measures that organizations adopted, we were able to make an objective comparison of security in different critical infrastructure sectors, and in different nations. The executives with responsibility for operational or industrial control systems were also asked a series of special questions about the security measures employed on those systems.</p>
<p>Executives in China reported by far the highest rates of adoption of security measures including encryption and strong user authentication. Among sectors, water/sewage executives reported the lowest rate of adoption of security measures. Broken down by sector and by nation, the survey data reveals significant variations in attitudes to and reports about regulation and other government activity. Executives in India reported the highest levels of regulation, closely followed by China and Germany. Executives in the United States reported the lowest levels. Views about the impact and effectiveness of regulation varied widely, but overall most agreed that they improve security.</p>
<p>A majority of executives believed that foreign governments were already involved in network attacks against their country’s critical infrastructure. The United States and China were seen as the most worrisome potential cyber aggressors, but attribution challenges in cyberspace give all attackers “plausible deniability.”</p>
<p><a href="http://newsroom.mcafee.com/images/10039/In%20the%20Crossfire_CIP%20report.pdf" target="_blank">View the complete article</a></p>
<p>McAfee, January 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/in-the-crossfire-critical-infrastructure-in-the-age-of-cyber-war/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Hackers Are Inside the Power Plant, Study Says</title>
		<link>http://www.waterfallsecurity.com/hackers-are-inside-the-power-plant-study-says/</link>
		<comments>http://www.waterfallsecurity.com/hackers-are-inside-the-power-plant-study-says/#comments</comments>
		<pubDate>Thu, 04 Feb 2010 09:17:40 +0000</pubDate>
		<dc:creator>amir</dc:creator>
				<category><![CDATA[2010]]></category>

		<guid isPermaLink="false">http://www.waterfallsecurity.com/?p=1738</guid>
		<description><![CDATA[
54 percent of IT professionals surveyed at large infrastructure companies say they’ve been infiltrated. And it’s getting worse.
Security software vendor McAfee and the Center for Strategic and International Studies today released a report at the World Economic Forum that said that 54 percent of security executives interviewed at oil and gas production fields, power plants [...]]]></description>
			<content:encoded><![CDATA[<p><strong><img class="alignnone size-full wp-image-1743" title="greentechmedia_logo" src="http://www.waterfallsecurity.com/wp-content/uploads/2010/02/greentechmedia_logo.png" alt="greentechmedia_logo" width="313" height="41" /></strong></p>
<p><strong>54 percent of IT professionals surveyed at large infrastructure companies say they’ve been infiltrated. And it’s getting worse.</strong></p>
<p>Security software vendor McAfee and the Center for Strategic and International Studies today released a report at the World Economic Forum that said that 54 percent of security executives interviewed at oil and gas production fields, <span id="more-1738"></span>power plants and other critical installations for a recent survey admitted they&#8217;ve already suffered large-scale attacks from organized crime, terrorists or nation-states. In all, 600 were interviewed for the survey.</p>
<p>Worse, it seems that our critical infrastructure is being guarded by Paul Blart, Mall Cop. 37 percent say that security has become worse in the past year, a casualty of the economy and shrinking corporate budgets. Cuts have been particularly steep in the oil and gas sector. Close to 40 percent expect a major security incident in the next year, while only 45 percent believe that their regional or local authorities are capable of deterring attacks. The average cost estimated for downtime came to $6.3 million per day.</p>
<p>Security is one of the top concerns of the National Institute for Standards and Technology, which wants to solidify standards for the grid in the next few years, a relatively short amount of time.</p>
<p>The findings do have to be taken with a grain of salt. Security companies tend to be a bit alarmist when it comes to assessing potential dangers. But it&#8217;s important to note that it&#8217;s not just anyone breaking in: some instances of suspected infiltration were linked to criminals and geopolitical rogues. Late last year, one security expert told me that some utilities have even discovered code originating from less-than-friendly nation-states on their servers. Why was it there? They weren&#8217;t sure, but the utilities were understandably alarmed that it could have gotten there in the first place.</p>
<p>Antivirus vendors like McAfee and Symantec could become major players in green. Security is an issue, but these companies are also adept at monitoring hundreds and thousands of nodes at once and jumping into action at the first sign of a crisis, much like demand response companies.</p>
<p><a href="http://www.greentechmedia.com/articles/read/hackers-are-inside-the-power-plant-says-study" target="_blank">View the article</a></p>
<p>By Michael Kanellos</p>
<p>Greentech Media, January 28, 2010</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/hackers-are-inside-the-power-plant-study-says/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Sabotaging The System</title>
		<link>http://www.waterfallsecurity.com/sabotaging-the-system-nov-09/</link>
		<comments>http://www.waterfallsecurity.com/sabotaging-the-system-nov-09/#comments</comments>
		<pubDate>Wed, 25 Nov 2009 12:34:52 +0000</pubDate>
		<dc:creator>amirg</dc:creator>
				<category><![CDATA[2009]]></category>

		<guid isPermaLink="false">http://waterfallsecurity.com/?p=777</guid>
		<description><![CDATA[
60 Minutes: Former Chief of National Intelligence Says U.S. Unprepared for Cyber Attacks (CBS) 
Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, &#8220;60 Minutes&#8221; went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it. It [...]]]></description>
			<content:encoded><![CDATA[<p><strong><img class="alignnone size-full wp-image-1274" title="CBSNewsLogo" src="http://waterfallsecurity.com/wp-content/uploads/2009/11/CBSNewsLogo.PNG" alt="CBSNewsLogo" width="254" height="46" /></strong></p>
<p><strong>60 Minutes: Former Chief of National Intelligence Says U.S. Unprepared for Cyber Attacks (CBS)</strong></p>
<p>Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, <strong>&#8220;60 Minutes&#8221; </strong>went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it. It involved using computers and the Internet as <span id="more-777"></span>weapons.</p>
<p>Much of it was still theory, but we were told that before too long it might be possible for a hacker with a computer to disable critical infrastructure in a major city and disrupt essential services, to steal millions of dollars from banks all over the world, infiltrate defense systems, extort millions from public companies, and even sabotage our weapons systems.</p>
<p>Today it&#8217;s not only possible, all of that has actually happened, plus a lot more we don&#8217;t even know about. It&#8217;s why President Obama has made cyber war defense a top national priority and why some people are already saying that the next big war is less likely to begin with a bang than a blackout. &#8220;Can you imagine your life without electric power?&#8221; Retired Admiral Mike McConnell asked <strong>correspondent Steve Kroft</strong>.</p>
<p>Until February of this year, McConnell was the nation&#8217;s top spy. As chief of national intelligence, he oversaw the Central Intelligence Agency, the Defense Intelligence Agency and the National Security Agency. Few people know as much about cyber warfare, and our dependency on the power grid, and the computer networks that deliver our oil and gas, pump and purify our water, keep track of our money, and operate our transportation systems.</p>
<p>&#8220;If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Coast, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker,&#8221; McConnell explained.</p>
<p>&#8220;Do you believe our adversaries have the capability of bringing down a power grid?&#8221; Kroft asked. &#8220;I do,&#8221; McConnell replied. Asked if the U.S. is prepared for such an attack, McConnell told Kroft, &#8220;No. The United States is not prepared for such an attack.&#8221; &#8220;It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation,&#8221; President Obama said during a speech.</p>
<p>Four months after taking office, Obama made those concerns part of our national defense policy, declaring the country&#8217;s digital infrastructure a strategic asset, and confirming that cyber warfare had moved beyond theory. &#8220;We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness,&#8221; the president said.</p>
<p>President Obama didn&#8217;t say which country had been plunged into darkness, but a half a dozen sources in the military, intelligence, and private security communities have told us the president was referring to Brazil. Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007.</p>
<p>That one in the state of Espirito Santo affected more than three million people in dozens of cities over a two-day period, causing major disruptions. In Vitoria, the world&#8217;s largest iron ore producer had seven plants knocked offline, costing the company $7 million. It is not clear who did it or what the motive was.</p>
<p>But the people who do these sorts of things are no longer teenagers making mischief. They&#8217;re now likely to be highly trained soldiers with the Chinese army or part of an organized crime group in Russia, Europe or the Americas. &#8220;They can disrupt critical infrastructure, wipe databases. We know they can rob banks. So, it&#8217;s a much bigger and more serious threat,&#8221; explained Jim Lewis, director of the Center for Strategic and International Studies.</p>
<p>Lewis led a group that prepared a major report on cyber security for President Obama. &#8220;What was it that made the government begin to take this seriously?&#8221; Kroft asked. &#8220;In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor,&#8221; Lewis said. &#8220;Some unknown foreign power, and honestly, we don&#8217;t know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.&#8221;</p>
<p>How much is a terabyte? &#8220;The Library of Congress, which has millions of volumes, is about 12 terabytes. So, we probably lost the equivalent of a Library of Congress worth of government information in 2007,&#8221; Lewis explained. &#8220;All stolen by foreign countries?&#8221; Kroft asked. &#8220;Yeah. This was a serious attack. And that&#8217;s really what made people wake up and say, &#8216;Hey, we&#8217;ve got to get a grip on this,&#8217;&#8221; Lewis said.</p>
<p><a href="http://www.cbsnews.com/video/watch/?id=5578986n&amp;tag=cbsnewsMainColumnArea.3" target="_blank">View the complete article</a></p>
<p>CBS News November 8, 2009</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/sabotaging-the-system-nov-09/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Senators aim to protect electric grid from hackers</title>
		<link>http://www.waterfallsecurity.com/mar-09/</link>
		<comments>http://www.waterfallsecurity.com/mar-09/#comments</comments>
		<pubDate>Wed, 04 Nov 2009 13:00:45 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[2009]]></category>

		<guid isPermaLink="false">http://waterfallsecurity.com/?p=394</guid>
		<description><![CDATA[
In the wake of recent reports describing the electric grid&#8217;s vulnerabilities to hackers, two members of the U.S. Congress have introduced legislation giving federal regulators more authority to combat that possible threat. The electric grid system that keeps the United States humming is worth more than $1 trillion and keeps the lights on for more [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignnone" src="http://waterfallsecurity.com/wp-content/uploads/2009/11/Cnet_Logo.png" alt="Cnet_Logo" width="98" height="77" /></p>
<p>In the wake of recent reports describing the electric grid&#8217;s vulnerabilities to hackers, two members of the U.S. Congress have introduced legislation giving federal regulators more authority to combat that possible threat. The electric grid system that keeps the United States humming is worth more than $1 trillion and keeps the lights <span id="more-394"></span>on for more than 300 million Americans. Federal regulators have complained they do not have enough authority over the electric grid networks, which recent reports have suggested may be vulnerable to infiltrations by Chinese and Russian spies&#8211;a new concern as utilities tie grid-monitoring control systems to open networks like the Internet.</p>
<p>Matching bills were introduced in the House and the Senate on Thursday to increase the authority of the Department of Homeland Security and the Federal Energy Regulatory Commission to secure the electric grid. The bills were introduced by Sen. Joe Lieberman (I-Conn.) and Rep. Bennie Thompson (D-Miss.), who chair the Homeland Security committees in their respective chambers.</p>
<p>&#8220;Our cybersystems are under constant attack,&#8221; Lieberman said in a statement. &#8220;We rely on cyberspace for so much of what is at the heart of our way of life, and our systems are not protected. We are focusing on the electricity cyberstructure today because electricity is what so many critical sectors of the economy depend upon.&#8221;</p>
<p>Utilities are already expected to comply with mandatory cybersecurity standards, but regulators have reported that utilities are likely downplaying the critical nature of their infrastructure to avoid compliance with the rules. The legislation addresses that by giving FERC, DHS, and other national security agencies the authority to determine which physical or cyber assets should be deemed &#8220;critical electric infrastructure.&#8221; The bill clarifies that &#8220;critical&#8221; infrastructure should refer to networks that are so vital to the United States that their incapacity would cause significant harm to the country&#8217;s security, the economy, or public health at a national or regional level.</p>
<p>It also would enable FERC to issue rules or orders to protect critical electric infrastructure against threats&#8211;including emergency orders, which could be issued without prior notice if FERC determines an order is needed immediately to protect the grid from an imminent threat. Emergency orders would remain in place for 90 days, unless FERC opened them up to public comment.</p>
<p>In addition, the legislation calls for FERC and the DHS Secretary to establish within 120 days of its enactment interim measures to protect the electric grid. The DHS would also be responsible for more oversight of grid protection programs. The legislation would require the department to conduct research to determine if the security of critical electric infrastructure has been compromised and to report its findings to Congress. The department would also have to produce regular reports with recommendations for creating a collective domestic response to a cyberattack by a terrorist, nation-state or person.</p>
<p>The legislation comes as the Obama administration is pushing through stimulus spending on smart-grid development, which would connect the electric grid to more networks.</p>
<p><a href="http://news.cnet.com/8301-13578_3-10231504-38.html?tag=newsEditorsPicksArea.0" target="_blank">View the article</a></p>
<p>By Stephanie Condon</p>
<p>CNET News April 30, 2009</p>
]]></content:encoded>
			<wfw:commentRss>http://www.waterfallsecurity.com/mar-09/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
