los angeles power lines cybersecurity

Power lines entering the Los Angeles area. Cyberthreats to the energy sector are a growing risk that come with potentially devastating consequences, like power outages or fuel disruptions.

Energy Sector Cybersecurity: What Legislators Need to Know

By Dan Shea | Dec. 8, 2021 | State Legislatures News | Print

Cyberattacks are a growing danger to energy and other critical infrastructure systems. So what do state legislators need to know about this emerging threat, and how can they work with federal and state partners to help develop safeguards and cybersecurity practices that bolster protections?

A new video developed for state lawmakers answers these questions and more.

“I want state legislators to know that cyberthreats are evolving,” says Kate Marks, deputy assistant secretary at the U.S. Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response, known as CESER. “They’re growing more frequent and more sophisticated. And a successful attack on the energy sector can really have physical consequences, like power outages or fuel disruptions.”

I want state legislators to know that cyberthreats are evolving. They’re growing more frequent and more sophisticated. —Kate Marks, CESER

These consequences have been borne out in recent years—notably when a ransomware attack on the Colonial Pipeline curtailed fuel supply to much of the East Coast in May.

To put this attack and other threats to energy systems in context, NCSL partnered with CESER and the utility regulation and policy publication Public Utilities Fortnightly to develop a four-and-a-half-minute video with issue area experts representing federal and state agencies, national laboratories, utilities and cybersecurity companies.

Updating Infrastructure

“We have critical infrastructure right now that’s crumbling, it’s aging,” says Washington Representative Matt Boehnke (R). “It’s getting to the point that we need to upgrade the backbone of our infrastructure.”

As noted in NCSL’s 2020 report “Cybersecurity and the Electric Grid: The State Role in Protecting Critical Infrastructure,” state legislators are in a position to shape how state agencies and utilities prepare for disruptions, in part by providing clear guidance and support to the commissions tasked with regulating those entities.

“I’d like state legislators to understand that there’s a tremendous amount of activity around cybersecurity,” says Lynn Costantini, deputy director of the Center for Partnerships and Innovation at the National Association of Regulatory Utility Commissioners. “Most particularly, state public utility commissions are very engaged in this topic because it falls under their job description.”

In the coming weeks, Public Utilities Fortnightly will publish a second video exploring the role of state legislators, the policy landscape and the options that lawmakers may consider to address these pressing concerns.

Dan Shea is a program principal in NCSL’s energy program.

Additional Resources