{ "id": "R45312", "type": "CRS Report", "typeId": "REPORTS", "number": "R45312", "active": true, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 585136, "date": "2018-09-04", "retrieved": "2018-09-13T22:20:22.112385", "title": "Electric Grid Cybersecurity", "summary": "Electricity generation is vital to the commerce and daily functioning of the United States. The U.S. electric power grid comprises all of the power plants generating electricity, together with the transmission and distribution lines and systems that bring power to end-use customers. The U.S. electric grid has operated historically with a high level of reliability; however, the various parts of the electric power system are all vulnerable to failure due to natural, operational, or manmade events.\nThe bulk power system faces new and evolving cybersecurity threats. Cyber threats can come from direct attacks aimed at the electric grid or other critical infrastructure that could impact the operations or security of the grid. Arguably, the greatest cyber threats to the grid have been intrusions focused on manipulating industrial control system (ICS) networks. Cyber intrusions on the electric grid have resulted in malware on ICS networks with the capability of causing damage or taking over certain aspects of system control or functionality. Recent concerns have extended to Internet of Things (IoT) devices connected to networks. IoT devices have been increasingly targeted by botnet malware (whereby the hacker takes over the operation of a large number of infected devices) to launch denial-of-service or other cyber attacks. 
If such IoT cyber attacks were able to access electric utility ICS networks, they could potentially impair these systems or cause electric power networks to operate based on manipulated conditions or false information.\nCongress gave the Federal Energy Regulatory Commission (FERC) authority to oversee the reliability of the bulk power system under the Energy Policy Act of 2005 (P.L. 109-58; EPACT05). FERC can approve or remand reliability standards proposed by the Electric Reliability Organization (ERO), which bulk-power system owners and operators must follow to help ensure the reliable operation of the grid. The North American Electric Reliability Corporation currently serves as the ERO and proposes mandatory and enforceable reliability standards for Critical Infrastructure Protection (which include physical and cybersecurity). \nThere have been increasing reports about foreign hackers targeting the U.S. electric power system and other critical infrastructure. While these intrusions have not been reported as having resulted in significant disruptions, concerns have increased over the potential for these intrusions to lead to damaging cyber attacks. In 2017, the President issued Executive Order (EO) 13800 on \u201cStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u201d because the risks of cyber threats to critical infrastructure are perceived as a national security imperative. EO 13800 called for an assessment of a prolonged electric power outage resulting from a cyber attack, and an evaluation of the \u201creadiness and gaps in the United States\u2019 ability to manage and mitigate consequences of a cyber incident against the electricity subsector.\u201d The cyber supply chain and public-private cybersecurity information sharing were listed among a number of major cybersecurity concerns.\nElectricity is a subsector of the energy critical infrastructure (CI) sector. 
Given that the grid relies on several of the other CI sectors (for example, water and fuel transportation), the question of whether these other sectors should also have similar mandatory standards focused on support of the electric power sector may be an issue for Congress to consider.\nThe electric power system in the United States is evolving, but not consistently across sectors and regions of the country. While some may say such inconsistencies may add a level of complexity that may make a nationwide cyber event less likely, the consistent development of a modern electric power system would likely add to the prospects of U.S. economic health and competitiveness. Policy options designed to ensure that the developing electric power system is as secure as possible will likely be a major consideration for Congress.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R45312", "sha1": "dc97425cfa3e3171e37e10c18c3498012d345c3b", "filename": "files/20180904_R45312_dc97425cfa3e3171e37e10c18c3498012d345c3b.html", "images": {} }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R45312", "sha1": "f663b0f715fd6f98d72dfdb730d385b264596996", "filename": "files/20180904_R45312_f663b0f715fd6f98d72dfdb730d385b264596996.pdf", "images": {} } ], "topics": [] } ], "topics": [ "Energy Policy", "Intelligence and National Security" ] }