The House passed a bill on July 27 that seeks to address the issue of increasing cyber threats to America’s energy infrastructure by providing grants to university students specializing in cybersecurity.
H.R. 7569, also called the “Energy Cybersecurity University Leadership Act of 2022,” was passed with a package of other bills in 336–90 vote.
The bill directs the secretary of energy to create a grant program to “provide financial assistance to graduate students and postdoctoral researchers pursuing certain courses of study relating to cybersecurity and energy infrastructure.”
Energy Secretary Jennifer Granholm will be tasked with providing traineeship and research experiences to students and researchers at utilities and national labs owned by the Department of Energy.
“The United States has witnessed an alarming rise in cybersecurity threats and attacks against our energy infrastructure, including in my home state of North Carolina,” Rep. Deborah Ross (D-N.C.) said in a statement, according to The Hill.
“Our constituents rely on dependable energy sources for their lives and their livelihoods, and we cannot afford continued exposure to these types of attacks,” she added.
Ross and Rep. Mike Carey (R-Ohio) co-sponsored the bill in the House.
The bill theorizes that integrating cybersecurity considerations into the research, design, and development of energy infrastructure will be a cost-effective way to secure America’s electric grids, oil and gas pipelines, and other generation, transmission, and distribution systems.
After one year, Granholm must submit a report on the development and implementation of the program to the House Committee on Science, Space, and Technology, and the Senate Committee on Energy and Natural Resources.
Defending Against Ransomware, Other Attacks
The legislation was inspired by a spate of attacks on America’s energy infrastructure over the past year, including the ransomware attack on the Colonial Pipeline in May 2021, an attempt to poison a water treatment plant in Florida in February 2021, and a cyberattack against the Port of Houston in August 2021.
The Colonial Pipeline ransomware attack forced the company to shell out 75 bitcoins worth about $4.4 million to the hackers in a bid to get the pipeline system back online.
“It was the hardest decision I’ve made in my 39 years in the energy industry, and I know how critical our pipeline is to the country, and I put the interests of the country first,” Colonial Pipeline President and CEO Joseph Blount told a Senate panel in June 2021.
The bill also comes as federal agencies are asking companies operating in critical industries to boost their cyber defenses due to the threat of Russian cyberattacks.
Another bill included in the bill package passed on July 27 was the RANSOMWARE Act, an acronym for “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies.”
The RANSOMWARE Act asks the U.S. Federal Trade Commission to provide a biennial report on ransomware and other cyberattacks from foreign groups or governments against U.S. targets, with a specific focus on Russia, China, North Korea, and Iran.