Lawmakers ask Energy Department to take point on sector digital security
A bipartisan group of House and Senate lawmakers late last week urged the head of the U.S. Energy Department to take the lead in shaping the massive energy sector’s cybersecurity.
“Without your engagement and immediate attention, we are concerned that DOE’s role in helping to ensure energy sector cyber security will be diminished,” the group wrote in a letter to Energy Secretary Jennifer Granholm.
The missive comes a few weeks after President Joe Biden signed a landmark cyber incident into law that will require critical infrastructure operators to alert the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a breach and 24 hours if the organization made a ransomware payment.
CISA will have up to two years to publish a notice in the Federal Register on proposed rulemaking to implement the reporting effort.
In their letter, lawmakers argued DOE’s “energy sector expertise and well-established partnerships with industry are critical in managing risk in today’s threat environment.”
“We fully expect that DOE will discharge its lead cybersecurity and emergency response efforts for the energy sector in close coordination with DHS as it has done for years,” according to the group, composed of Senate Energy Committee leaders Joe Manchin (D-Va.) and John Barrasso (R-Wyo.) and House Energy and Commerce leaders Frank Pallone (D-N.J.) and Cathy McMorris Rodgers (R-Wash.)
The lawmakers highlighted the Biden administration’s recent warnings that Russia could target U.S. energy infrastructure with digital strikes as Moscow’s invasion of Ukraine has stalled.
“Companies in the energy sector must focus their attention on maintaining cybersecurity and responding to cyber events,” the letter states. “The federal government should act as a valuable partner in tracking and responding to cyber threats to critical infrastructure and avoid inconsistent and duplicative requirements. Establishing consistent reporting requirements is especially important now.”
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.