For months, Sen. Maria Cantwell has been warning in letters to the Trump administration and colleagues that Congress needs to do more to keep the nation's energy supply safe from cyberattacks. Now it appears she has a widespread attack to bolster her admonitions.
Reports from Bloomberg and The New York Times last week indicated that Russian-backed hacking groups may be responsible for recent targeted cyberattacks to nuclear power plants and grid operation system manufacturers, threatening the electric grid and the economy it supports.
While the FBI and Department of Homeland Security say they are aware of the “potential cyber intrusion affecting entities in the energy sector,” the agencies said “there is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”
But for Cantwell, the top Democrat on the Senate Energy and Natural Resources Committee, the hacks are just the latest signs of how vulnerable the electric grid is to foreign threats.
“The disturbing reports of the past 24 hours indicate that our adversaries are trying to take advantage of the very real vulnerabilities of our energy infrastructure’s cyber defenses,” Cantwell said in a statement to CQ Roll Call.
She added that she is “reiterating my call for President Trump to immediately perform the long overdue assessment of cyber vulnerabilities that 19 Senators have requested, and abandon his proposed cuts to the Department of Energy’s Office tasked with protecting our energy networks from cyber attacks.”
DOE’s Office of Electricity Delivery and Energy Reliability — the program area responsible for cybersecurity-related efforts — would see a more than 40 percent reduction in funding in fiscal 2018, according to the DOE budget request.
In March, Washington's Cantwell joined with Sen. Ron Wyden, D-Ore., in a letter to President Donald Trump to highlight the need to bolster the Department of Energy’s role as lead agency in defending against grid cyberattacks, especially from Russia. In a followup June 22 letter, Cantwell led a group of 18 other Democratic senators in calling for a 60-day analysis of Russian capabilities “to use cyber warfare to threaten our energy infrastructure.”
DOE has acknowledged the seriousness of the threat. In its second Quadrennial Energy Review, a sweeping analysis of the energy sector conducted under the Obama administration, DOE said that the cybersecurity of the grid remains a key vulnerability, and it should be treated with the same importance as other national security threats.
The report notes the growing frequency of cyberattacks across the board in the energy industry, saying they “have not yet caused significant disruptions... but the number and sophistication of threats are increasing, and information technology systems are becoming more integrated with energy infrastructure.”
And Cantwell is not the only lawmaker paying attention to the fallout of the recent hacks.
A House Energy and Commerce Committee spokesman said in an email that “the Committee is aware of these reports and is monitoring the situation. There is much we do not know at this time but we are in contact with the relevant authorities and stakeholders.”
Sen. Angus King, I-Maine, meanwhile, who has a bipartisan bill with Sen. Jim Risch, R-Idaho, to address cybersecurity concerns, renewed his call for a national strategy. “News of attempts to hack nuclear power plants underscores need for US to develop comprehensive cyber strategy,” King said in a tweet Friday.