- The Washington Times - Friday, May 1, 2009

Key members of Congress launched an effort Thursday to protect the nation’s electricity grid from criminals, vandals or U.S. enemies, who could use the Internet to cripple computers that control the generation and distribution of power.

The effort, led by the chairmen of the House and Senate homeland security committees, follows reports of hackers - possibly working for foreign governments - probing power controls for weaknesses.

Legislation sponsored by Sen. Joe Lieberman, Connecticut independent, and Rep. Bennie Thompson, Mississippi Democrat, would authorize the Federal Energy Regulatory Commission, or FERC, to supersede the power industry’s self-governing body in setting security standards.

The grid is increasingly dependent on control systems operated over computer networks including the Internet.

In 2007, researchers at the Department of Energy’s Idaho National Laboratory produced a video illustrating how hackers could destroy a generator by forcing it to operate at speeds that would literally shake it apart - a scenario dubbed the Aurora vulnerability.

Last year, CIA official Thomas Donahue told a conference of utility company executives that a cyberattack on the electric grid of an unspecified country had caused a widespread power outage as part of an extortion plot.

And earlier this year, the Wall Street Journal reported that hackers - including some thought to be in China and Russia - had placed malicious software on controlling computers that could be used to disrupt the U.S. power supply in the event of a war or other conflict.

“We are aware of penetration by foreign countries into our electrical grid before, so this legislation is absolutely vital,” said Rep. Peter T. King, New York Republican and ranking member of the House Homeland Security Committee. Mr. King is a co-sponsor of the bill.

Mr. Thompson said that lawmakers’ inquiries since 2007 had found self-regulation “effectively left many utilities vulnerable to attacks.”

“The findings were disturbing,” Mr. Thompson said. “Most of the electric industry had not completed the recommended mitigations” of vulnerabilities “despite being advised to do so by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation [NERC].”

NERC is an industry body that sets standards for the owners and operators of electrical generation and transmission infrastructure.

The bill would enable federal regulators at FERC to respond to any finding by the Department of Homeland Security about specific, imminent cyberthreats by issuing emergency rules without first consulting with the electricity industry or giving the industry prior notice.

NERC had no immediate comment on the bill, although officials have said they are always willing to provide input when asked.