Markey is urging the Chairman of the House Committee on Energy and Commerce, Fred Upton (R-Mich.), to quickly pass the bipartisan bill, which addresses cyber-safety for the electrical grid and other critical infrastructure.
Markey called upon Upton, in a letter, to work to “protect our electrical grid from potentially devastating attacks.”
The GRID Act would widen the government’s power to take action in the event of a cyber-terrorist action against critical infrastructure, or the imminent threat of one. That would take the form of “emergency defensive measures,” which the Federal Energy Regulatory Commission (FERC) could impose without notice.
Markey pointed to the Mandiant report detailing the activities of what it calls the most prolific hacking group in China, citing the findings as one of the many reasons to take action now. The report tied this group to a specific branch of the People’s Liberation Army of China and implicated these hackers in thousands of attacks directed at hundreds of US companies. In particular, Markey pointed out that the report offers details of the theft of blueprints for the software control systems that control parts of the US electrical grid, and “hacking efforts that literally left the electronic infiltrators a keystroke away from being able to cause widespread destruction to our electrical infrastructure.”
“These revelations are yet another sign that we cannot wait until we are literally sitting in the dark to address vulnerabilities in our critical infrastructure to cyber attacks,” Markey wrote in the letter to Upton. “I urge Chairman Upton to once again take up the bipartisan legislation we passed together in 2010, but which died in the Senate, and act quickly to secure our electrical infrastructure from cyber terrorists.”
The legislation passed by a vote of 47-0 in the House Energy and Commerce Committee, and unanimously in the full House of Representatives. Since that time, the electric utility sector has lobbied aggressively against the measure, preventing adoption of this critical legislation, Markey said.
The Mandiant report indicates a state-sponsored terrorist threat, saying that the Chinese military is behind the hacking team known as APT1 (aka ‘Comment Crew’).
“Our analysis,” the firm said, “has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support.”
Mandiant goes further, claiming that APT1 is specifically “the 2nd Bureau of the People’s Liberation army (PLA) General staff Department’s (GSD) 3rd Department,” or Unit 61398. “APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.”