What should the military do when the lights go out?

A bill introduced in the House and Senate would look into cyber vulnerabilities of the nation's electric grid and how they affect military readiness.

Shutterstock image (by gyn9037): High voltage towers, electricity infrastructure.

A House bill would direct a cross-department effort to examine how a cyberattack on the nation's electric grid would affect military readiness.

The Securing the Electric Grid to Protect Military Readiness Act of 2017, introduced by Rep. Jacky Rosen (D-Nev.) on Sept. 27, directs the secretaries of defense, energy and homeland security as well as the director of national intelligence, to deliver a report to Congress within 90 days that would identify significant cybersecurity risks to defense critical electric infrastructure, assess how the readiness of the armed forces would be affected by a cyber attack, weigh the pros and the cons of isolating military infrastructure from the national electric grid and make recommendations to Congress about how best to eliminate or mitigate those risks.

"We must take every step necessary to modernize our electric power grid and protect our military assets from malicious cyber-attacks," said Rosen in a statement.

The measure is looking to explore the impact of multiple threats, including significant efforts to degrade or disrupt technology systems or networks, data theft, malware, distributed denial-of-service attacks, industrial espionage and influence operations.

A Senate version of the legislation was offered on Sept. 12 by Sens. Elizabeth Warren (D-Mass.) and Thom Tillis (R-N.C.). Separately, Sen. Angus King (I-Maine) introduced the Securing Energy Infrastructure Act of 2017, which would establish a working group to develop a national cyber strategy for protecting the electrical grid along with a two-year pilot program within the Department of Energy to identify and combat cybersecurity vulnerabilities in the energy sector. That bill was eventually inserted into the Senate's 2018 Intelligence Authorization bill, which has been introduced but has not yet received a vote.

Before leaving office, the Obama administration released an action plan in December 2016 on securing the electric grid with a host of recommendations, including building increased resilience measures into the grid network, better coordination with nations like Canada who share electrical resources, establish a grid monitoring system and a better trained workforce.

The Trump administration followed that up with an Executive Order in May 2017 directing the Secretaries of Energy and Homeland Security and the Director of National Intelligence to assess the implications of a "prolonged power outage associated with a significant cyber incident" and how the nation might respond to an attack.

Publicly-known instances of attacks on the nation's power grid by malicious actors are exceedingly rare. A website started in 2013 by an anonymous information security researcher called Cybersquirrel1 tracks and categorizes all public, unclassified instances of disruption and damage to power grids around the world. Out of the 2,111 attacks listed worldwide on the site, just three were later determined to be caused by nation-state actors. The remaining 2,108 disruptions were caused by squirrels, birds, snakes, jellyfish and other animals.