By Dan Shea
The energy sector is under constant attack.
Malicious actors—some part of criminal groups, others backed by foreign governments—are continually probing the cyber defenses of the nation’s critical infrastructure, looking for exploitable weaknesses.
The concern has only heightened in the aftermath of the U.S. killing of Iranian Maj. Gen. Qasem Soleimani in December.
Foreign policy experts believe Iran will avoid any protracted military conflict and instead look to retaliate through cyberattacks on U.S. domestic infrastructure. Meanwhile, a respected cybersecurity firm released a report indicating that hackers have been working with renewed interest in the electricity sector.
While the federal government is taking action to help utilities and operators of critical infrastructure defend against these threats, state policymakers are pursuing additional measures to establish security requirements and bolster cyber-protections
NCSL’s new report, “Cybersecurity and the Electric Grid: The state role in protecting critical infrastructure,” explores the issue from a state legislative perspective, providing background and outlining state policy options.
A number of states have already taken action to bolster cyber-protections by establishing state-level task forces, creating cybersecurity standards and reporting requirements and expanding state open records exemptions to include cyber vulnerabilities.
During the 2019 legislative session, at least 16 states considered almost 50 measures intended to address the cybersecurity of the electric grid and other critical infrastructure—an increase of around 30% over the previous year. Based on recent trends, it appears likely that growth trends will continue in the coming years as utilities, states and the federal government continue to adapt to this growing threat landscape.
Dan Shea is a senior policy specialist in NCSL's Energy Program.