[Congressional Record Volume 155, Number 65 (Thursday, April 30, 2009)]
[Extensions of Remarks]
[Page E1025]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                           THE ELECTRIC GRID

                                 ______
                                 

                        HON. BENNIE G. THOMPSON

                             of mississippi

                    in the house of representatives

                        Thursday, April 30, 2009

  Mr. THOMPSON of Mississippi. Madam Speaker, I rise to speak in 
support of legislation I introduced today with the Ranking Member of 
the Homeland Security Committee, Mr. King, and the Chairman and Ranking 
Member of the Subcommittee on Emerging Threats, Cybersecurity, Science 
an Technology, Ms. Clarke and Mr. Lungren.
  The electric grid is highly dependent on computer-based control 
systems. These systems are increasingly connected to open networks such 
as the Internet, exposing them to cyber risks. Any failure of our 
electric grid, whether intentional or unintentional, would have a 
significant and potentially devastating impact on our Nation.
  For years, my Committee has been concerned about this possibility. In 
2007, the Committee learned that the electric industry was not 
mitigating a dangerous control system vulnerability known as 
``Aurora.'' We launched a series of investigations and held two 
hearings to understand what was being done in the public and private 
sectors to mitigate this and other cyber vulnerabilities.
  The findings were disturbing. Most of the electric industry had not 
completed the recommended mitigations, despite being advised to do so 
by the Federal Energy Regulatory Commission and the North American 
Electric Reliability Corporation. This effectively left many utilities 
vulnerable to attacks. Furthermore, in spite of existing mandatory 
cybersecurity standards, the North American Electric Reliability 
Corporation (``NERC'') recently reported that many utilities are 
underreporting their critical cyber assets, potentially to avoid 
compliance requirements.
  We must ensure that the proper protections, resources and regulatory 
authorities are in place to address any threat aimed at our power 
system. The Critical Electric Infrastructure Protection Act will do 
four things to improve our defensive posture:
  Provides FERC with the authorities necessary to issue emergency 
orders to owners and operators of the electric grid after receiving a 
finding from DHS about a credible cyber attack.
  Requires FERC to establish interim measures deemed necessary to 
protect against known cyber threats to critical electric 
infrastructure. This will improve existing mandatory standards.
  Requires DHS to perform ongoing cybersecurity vulnerability and 
threat assessments to the critical electric infrastructure, and provide 
mitigation recommendations to eliminate those vulnerabilities and 
threats.
  Requires DHS to conduct an investigation to determine if the security 
of Federally-owned critical electric infrastructure has been 
compromised by outsiders.
  I believe that this legislation adopts a common-sense approach 
towards securing our electric grid from cyber attack, and I look 
forward to working with the Senate and the rest of our colleagues on 
bipartisan, bicameral basis to see that this bill is enacted.

                          ____________________