electric grid critical infrastructure power supply

Lawmakers ask Energy Department to take point on sector digital security

A bipartisan group of House and Senate lawmakers late last week urged the head of the U.S. Energy Department to take the lead in shaping the massive energy sector’s cybersecurity.

“Without your engagement and immediate attention, we are concerned that DOE’s role in helping to ensure energy sector cyber security will be diminished,” the group wrote in a letter to Energy Secretary Jennifer Granholm.

The missive comes a few weeks after President Joe Biden signed a landmark cyber incident into law that will require critical infrastructure operators to alert the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a breach and 24 hours if the organization made a ransomware payment.

CISA will have up to two years to publish a notice in the Federal Register on proposed rulemaking to implement the reporting effort.

In their letter, lawmakers argued DOE’s “energy sector expertise and well-established partnerships with industry are critical in managing risk in today’s threat environment.”

“We fully expect that DOE will discharge its lead cybersecurity and emergency response efforts for the energy sector in close coordination with DHS as it has done for years,” according to the group, composed of Senate Energy Committee leaders Joe Manchin (D-Va.) and John Barrasso (R-Wyo.) and House Energy and Commerce leaders Frank Pallone (D-N.J.) and Cathy McMorris Rodgers (R-Wash.)

The lawmakers highlighted the Biden administration’s recent warnings that Russia could target U.S. energy infrastructure with digital strikes as Moscow’s invasion of Ukraine has stalled.

“Companies in the energy sector must focus their attention on maintaining cybersecurity and responding to cyber events,” the letter states. “The federal government should act as a valuable partner in tracking and responding to cyber threats to critical infrastructure and avoid inconsistent and duplicative requirements. Establishing consistent reporting requirements is especially important now.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Martin Matishak

Martin Matishak

is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.