House Reps introduce bill to fund research into cybersecurity and energy infrastructure

A bill to fund research into the cybersecurity needs of the country’s energy infrastructure was introduced by two members of Congress on Wednesday. 

Congresswoman Deborah Ross (D-NC) and Congressman Mike Carey (R-OH) said the Energy Cybersecurity University Leadership Act will offer grants and other forms of funding to graduate students and postdoctoral researchers focusing on cybersecurity and energy infrastructure.

The bill is designed to fund scholarships, fellowships, and R&D projects at colleges and universities so that students can focus on the intersection of cybersecurity and energy infrastructure. Students will also be given chances to get research experience at the Department of Energy’s National Laboratories and utilities.

Efforts will also be made to reach students at Historically Black Colleges and Universities, Minority Serving Institutions, and Tribal Colleges and Universities.

Ross said the country needs to make an investment in a diverse workforce to “confront growing cyber threats and attacks against our country’s critical energy infrastructure.” She noted that she represents a district that has two institutions – North Carolina State University and Wake Tech Community College – that she believes are leading the way in exploring cybersecurity and clean energy.

“This legislation will better equip our students and researchers in North Carolina and beyond to tackle growing cyber threats. I am grateful for Congressman Carey’s partnership on this issue and look forward to advancing this important legislation,” she said. 

Both members of Congress noted several recent attacks on energy infrastructure including the ransomware attack on Colonial Pipeline, the cyberattack on a Florida water treatment plant in 2021 and another attack on a Kansas utility.

Several other attacks on U.S. energy infrastructure have been uncovered by the federal government in recent years. The Cybersecurity and Infrastructure Security Agency (CISA) is in the process of creating incident reporting rules that will require critical infrastructure operators to alert agencies within 72 hours of a breach and 24 hours if the organization made a ransomware payment.

CISA has released several warnings about attacks on energy facilities since the invasion of Ukraine by Russia, noting last year that several government hacking groups have created custom-made tools designed to breach IT equipment used in critical infrastructure facilities.

Ross and Carey said many vulnerabilities in the energy sector are only discovered once they have already been exploited in attempted or successful attacks, adding that the problem is getting worse as more utilities use complex technology. 

The bill would require the Secretary of Energy to send Congress a report about the development and implementation of the program within a year of the bill’s passage.

The two members of Congress introduced the same bill last year where it passed the House but stalled in the Senate.

“Continued cybersecurity threats on America have led to the need for bipartisan and common-sense legislation that will protect our energy grid,” Carey said.

“The Energy Cybersecurity University Leadership Program will allow for PHD and graduate students to dedicate their time to researching ways to bolster our national security and avoid large scale power outages and attacks on our critical infrastructure. I am proud to re-introduce this legislation with Congresswoman Deborah Ross and hope to see it passed in the 118th Congress.”