In 2010, Markey introduced the GRID Act, which would have given the federal government greater authority to impose standards on electric utilities. That proposal, cosponsored by Rep. Mike Upton (R-Mich.), passed the House but never made its way out of committee in the Senate.
Markey is renewing his efforts to enact grid-security legislation. His report — which surveyed more than 150 utilities, cooperatives and federal entities owning major pieces of the electric system — showed that the power network is the target of daily cyber attacks, with one utility saying it faced 10,000 attempted attacks each month.
Consensus is required between the two groups to mandate protections, and proposed standards that do not receive support from both NERC and FERC can become voluntary.
Critics say the process of reaching consensus can take years, lagging far behind the pace at which new threats develop. They also contend that it leads to the lowest common denominator of what the electricity industry is willing to accept.
The GRID Act would have allowed FERC to act alone in requiring safeguards for the nation’s electric system when threats are serious or imminent. Markey’s office this week said the congressman still stands behind that measure.
“With one well-placed keystroke, Americans could be plunged into darkness and chaos through the damage to our electric grid,” Markey said Tuesday. “Foreign enemies are employing Web warriors to attack our way of life, and it’s time that our actions respond to the potential threat.”
Markey’s report, co-produced by Rep. Henry Waxman (D-Calif.), said the majority of industry- and municipally-owned utilities indicated they do not comply with voluntary standards and have not taken concrete steps to reduce vulnerability to geomagnetic storms.
“We need to push electric utilities to enlist all of the measures they can now, and push for stronger standards in Congress that will keep our economy and our country safe from cyber warfare,” Markey said in a statement Tuesday.
But some industry groups have resisted moves to grant greater authority to FERC. The American Public Power Association issued a statement Tuesday saying utilities are already subject to an extensive list of mandatory cyber-security guidelines.
“As an industry, we continue to closely coordinate at high levels both amongst members of our industry and with the federal government on cyber and physical security,” the group’s statement said.
The association also criticized the Markey-Waxman report on Tuesday, saying many of the questions from the survey were so specific and confidential that answering them would have posed a security risk.
“Drawing such broad conclusions about the electric sector’s and public power’s level of security is therefore misleading,” the group said. “We are placing, and will continue to place, the highest priority on ensuring the security and resiliency of our electric system.”