The bill, which passed the Energy and Natural Resources Committee last year, would give the Federal Energy Regulatory Commission (FERC) power to set deadlines for industry-developed cybersecurity standards and give the secretary of energy emergency cybersecurity authority, Bingaman said in an opening statement at a Senate committee hearing on cybersecurity and the electric grid.
Bingaman, who chairs the committee, criticized the industry-led North American Electric Reliability Corp. (NERC) for taking too long to develop and enforce cybersecurity standards for the electric grid, which the Energy Policy Act of 2005 required the industry to do. He said that NERC has yet to produce cybersecurity standards acceptable to FERC, despite working on the standards for six years.
“We are still waiting for this process to produce the full set of adequately protective standards that we need. That cumbersome process has to address a threat whose nature is rapidly changing, the standards that are in place may not be flexible enough to deal with emerging threats, and we still do not have an effective system in place to require action in the face of an imminent cyberattack”, he stressed.
The ranking Republican on the committee, Sen. Lisa Murkowski (R-Alaska), indicated that she would oppose expanding the federal regulator’s powers. “I don’t think granting federal regulators broad new powers is the right approach. Instead, we need a much more nimble approach to deal with cyber-related threats that are constantly growing and constantly changing”, she said in her opening statement.
Bingaman said he would try to attach his bill to the Cybersecurity Act, which could be voted on as early as next week, according to a report by The Hill newspaper.