A member of the House Committee on Energy and Commerce is planning to reintroduce legislation that aims to increase transparency between critical electric infrastructure owners and the Department of Energy (DoE).
During a committee hearing this week, Rep. Tim Walberg, R-Mich., announced his plans to reintroduce the bill, which would require critical electric infrastructure owners and operators to report cybersecurity incidents to the DoE within 24 hours.
“Threats to our critical energy infrastructure have increased year after year,” the congressman said. “In 2022, attacks on United States power grids rose to an all-time high. More apparently needs to be done to protect our critical energy infrastructure, which is why I plan to introduce the Critical Electric Infrastructure Cybersecurity Incident Reporting Act.”
Last year, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law as part of the Consolidated Appropriations Act of 2022, requiring critical infrastructure organizations to report cyber incidents to CISA. However, it created some confusion about where cyber incident reports need to go.
Rep. Walberg’s legislation aims to clarify the role of DoE in reporting requirements, and pull on the agency’s expertise in critical electric infrastructure cyber preparedness and defense.
The bill would also direct DoE to develop rules to add additional clarity on the scope and scale of cybersecurity incidents that require reporting, and to develop procedures for reporting a potential cybersecurity incident.
“And I would hope that it would make more efficiency in the process for members of Congress to understand what’s going on and get information and more transparency as well,” Rep. Walberg added.
The legislation was first introduced in October 2022 by Reps. Cathy McMorris Rodgers, R-Wash., and Fred Upton, R-Mich. At the time, Rep. McMorris Rodgers also emphasized the dangers of a “one-size-fits-all” cyber reporting approach.
“Energy and Commerce Republicans are warning of the dangers of moving to a one-size-fits-all Federal approach, which will weaken agencies’ ability to leverage their expertise in cybersecurity preparedness and defense in their specific, unique sectors,” she said.
Rep. McMorris Rodgers now chairs the Energy and Commerce Committee.