What should the military do when the lights go out?

Shutterstock image (by gyn9037): High voltage towers, electricity infrastructure. 

A House bill would direct a cross-department effort to examine how a cyberattack on the nation's electric grid would affect military readiness.

The Securing the Electric Grid to Protect Military Readiness Act of 2017, introduced by Rep. Jacky Rosen (D-Nev.) on Sept. 27, directs the secretaries of defense, energy and homeland security as well as the director of national intelligence, to deliver a report to Congress within 90 days that would identify significant cybersecurity risks to defense critical electric infrastructure, assess how the readiness of the armed forces would be affected by a cyber attack, weigh the pros and the cons of isolating military infrastructure from the national electric grid and make recommendations to Congress about how best to eliminate or mitigate those risks.

"We must take every step necessary to modernize our electric power grid and protect our military assets from malicious cyber-attacks," said Rosen in a statement.

The measure is looking to explore the impact of multiple threats, including significant efforts to degrade or disrupt technology systems or networks, data theft, malware, distributed denial-of-service attacks, industrial espionage and influence operations.

A Senate version of the legislation was offered on Sept. 12 by Sens. Elizabeth Warren (D-Mass.) and Thom Tillis (R-N.C.). Separately, Sen. Angus King (I-Maine) introduced the Securing Energy Infrastructure Act of 2017, which would establish a working group to develop a national cyber strategy for protecting the electrical grid along with a two-year pilot program within the Department of Energy to identify and combat cybersecurity vulnerabilities in the energy sector. That bill was eventually inserted into the Senate's 2018 Intelligence Authorization bill, which has been introduced but has not yet received a vote.

Before leaving office, the Obama administration released an action plan in December 2016 on securing the electric grid with a host of recommendations, including building increased resilience measures into the grid network, better coordination with nations like Canada who share electrical resources, establish a grid monitoring system and a better trained workforce.

The Trump administration followed that up with an Executive Order in May 2017 directing the Secretaries of Energy and Homeland Security and the Director of National Intelligence to assess the implications of a "prolonged power outage associated with a significant cyber incident" and how the nation might respond to an attack.

Publicly-known instances of attacks on the nation's power grid by malicious actors are exceedingly rare. A website started in 2013 by an anonymous information security researcher called Cybersquirrel1 tracks and categorizes all public, unclassified instances of disruption and damage to power grids around the world. Out of the 2,111 attacks listed worldwide on the site, just three were later determined to be caused by nation-state actors. The remaining 2,108 disruptions were caused by squirrels, birds, snakes, jellyfish and other animals.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected