[Congressional Record Volume 149, Number 128 (Wednesday, September 17, 2003)]
[Senate]
[Page S11640]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                   FERC NOTICE OF PROPOSED RULEMAKING


                            Grid Management

  Mr. KERRY. Mr. President, the front page of the Washington 
Post recently featured a local graduate student who skillfully mapped 
the electronic networks that interconnect every business and industrial 
sector in the American economy. The article emphasized how the 
information was readily available on the Internet and the associated 
security concerns. It also discussed the astonishment and alarm among 
industry leaders upon hearing about it.
  Early this year, the Department of Homeland Security published two 
papers emphasizing the need to secure critical infrastructure from 
physical and cyber-attacks, including all aspects of the electric power 
infrastructure system. This was clarified further by the Federal Energy 
Regulatory Commission (FERC) in its Notice of Proposed Rulemaking on 
Standard Market Design, which states, wholesale electric grid operations 
are highly interdependent, and a failure of one part of the generation, 
transmission, or grid management system can compromise the reliability 
of a major portion of the grid.
  Simply put, experts in the public and private sector, time and time 
again, acknowledge the vulnerability of the entire national electric 
power infrastructure and that all aspects should be protected. As 
blatantly demonstrated by the recent blackouts in the northeastern 
United States, the viability of the national power grid is an important 
national security concern.
  I am concerned, therefore, that a cyber security standard recently 
proposed by FERC, which is designed to protect the electric power grid, 
exempts process control systems, distributed control systems, or 
electric relays installed in generating stations, switching stations 
and substations from the definition of ``critical cyber assets'' to be 
protected.
  Despite the clear intent of the Department of Homeland Security and 
FERC to protect the power system entirely, the proposed rule calls for 
only partial protection. The FERC decision may mean that power 
distribution is protected, while power generation remains vulnerable.
  Mr. KENNEDY. If the Senator will yield for a comment. I have been 
made aware that technology exists in the marketplace that is capable of 
protecting power generation assets. I am aware of at least one company, 
in fact, a Massachusetts company, that has developed software capable 
of protecting our power generation assets from cyber attack. If the 
technology exists, are we not obligated to protect these assets? 
Protecting transmission without protecting generation is like 
protecting airports without protecting aircraft. Isn't it reasonable, 
therefore, to conclude that the entire national power grid, including 
generation, should be protected?
  Mr. KERRY. Mr. President, I think the answer is yes. No aspect of the 
electric power grid should be exempt from this cyber security standard. 
I urge the ranking member to work with us to address this issue during 
conference committee consideration of the Energy and Water 
appropriations bill for fiscal year 2004. With my good friend, the 
senior Senator from Massachusetts, I ask the Appropriations Committee, 
in conference with the House of Representatives, to include a 
requirement that the Federal Energy Regulatory Commission report to the 
committee and the Congress as to why generating infrastructure was 
excluded from the proposed rule.
  Mr. REID. I thank the Senator from Massachusetts for bringing this 
issue to my attention. I agree that process control systems, 
distributed control systems, or electric relays installed in generating 
stations, switching stations and substations are indeed critical assets 
of the national electric power infrastructure and should not be exempt 
from protected assets. I look forward to addressing this issue in 
conference committee.

                          ____________________