Bill Overview
Title: Critical Electric Infrastructure Cybersecurity Incident Reporting Act
Description: This bill requires the Department of Energy (DOE) to issue regulations about reporting cybersecurity incidents with respect to critical electric infrastructure. The regulations must require federal agencies as well as the owners, operators, and users of critical electric infrastructure to report cybersecurity incidents or potential cybersecurity incidents to DOE within 24 hours of their discovery.
Sponsors: Rep. McMorris Rodgers, Cathy [R-WA-5]
Target Audience
Population: Individuals dependent on functional electric grids worldwide
Estimated Size: 332000000
- Power grids rely heavily on digital systems, making them susceptible to cyber threats.
- A cybersecurity incident in the electricity infrastructure can affect not only those directly involved but also the general population relying on stable electricity.
- The bill mandates quick reporting which aims to minimize the disruption caused by cyber incidents to the critical electric infrastructure.
Reasoning
- The policy primarily impacts entities directly managing critical electric infrastructure, such as operators and IT staff in energy companies. However, indirect impacts may be felt by the general population experiencing enhanced reliability and security of power supply.
- The policy's budget is used for regulations and technology to improve monitoring and reporting processes, focusing on early detection and response to cyber incidents.
- Since the target population is vast (332 million Americans, largely through indirect impacts), only a fraction will experience noticeable direct improvements in wellbeing. However, future risks mitigated by this policy could broadly enhance wellbeing for all.
- The overall impact on subjective wellbeing may appear minimal initially, but could grow over years as the incidence and severity of disruptions decrease, potentially resulting in increased public trust and less stress related to energy supply reliability.
Simulated Interviews
IT Specialist in Energy Sector (New York, NY)
Age: 35 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 20.0 years
Commonness: 5/20
Statement of Opinion:
- The policy is crucial for upgrading our incident reporting systems.
- I feel it will make my job both more complex and more secure by standardizing procedures.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 7 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 8 | 5 |
| Year 10 | 9 | 6 |
| Year 20 | 9 | 6 |
Electric Grid Operator (Houston, TX)
Age: 42 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 15.0 years
Commonness: 4/20
Statement of Opinion:
- Reporting within 24 hours is a tight timeline, but I think it's necessary.
- This makes our infrastructure safer overall and reduces downtime in incidents.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 9 | 7 |
Software Developer (San Francisco, CA)
Age: 29 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 10.0 years
Commonness: 6/20
Statement of Opinion:
- The act could increase demand for our cybersecurity solutions.
- I'm optimistic this will lead to more reliable electricity for everyone.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 9 | 7 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Retired Engineer (Miami, FL)
Age: 67 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 10/20
Statement of Opinion:
- Security improvements give me peace of mind, especially during hurricane season.
- I hope this leads to fewer and shorter outages.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 8 | 6 |
| Year 20 | 8 | 6 |
Small Business Owner (Chicago, IL)
Age: 53 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 8/20
Statement of Opinion:
- I'm glad measures are being taken to secure our power supply.
- Any reduction in power disruptions is a plus for my business.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
College Student (Los Angeles, CA)
Age: 21 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 0.0 years
Commonness: 15/20
Statement of Opinion:
- Addressing cybersecurity is crucial for integrating renewables with the grid safely.
- This policy reflects a proactive stance against cyber threats.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 7 |
| Year 10 | 8 | 8 |
| Year 20 | 8 | 8 |
Energy Policy Analyst (Boulder, CO)
Age: 46 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 9/20
Statement of Opinion:
- It's good to see comprehensive steps being taken to protect critical infrastructure.
- This will help mitigate potential catastrophic events.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 7 |
| Year 20 | 9 | 8 |
Healthcare Professional (Seattle, WA)
Age: 60 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 10.0 years
Commonness: 7/20
Statement of Opinion:
- Electrically secure hospital services are non-negotiable.
- Policies like this could protect patient safety.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 6 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Journalist (Austin, TX)
Age: 37 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 9/20
Statement of Opinion:
- The act makes the network more resilient and trustworthy.
- This should make for fewer stories on catastrophic power failures.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 9 | 7 |
Manufacturing Plant Manager (Detroit, MI)
Age: 50 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 15.0 years
Commonness: 5/20
Statement of Opinion:
- This can minimize expensive interruptions in our production processes.
- A secure electric infrastructure is crucial for plant efficiency.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 6 |
| Year 5 | 9 | 7 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Cost Estimates
Year 1: $1000000000 (Low: $800000000, High: $1200000000)
Year 2: $600000000 (Low: $500000000, High: $700000000)
Year 3: $500000000 (Low: $400000000, High: $600000000)
Year 5: $400000000 (Low: $350000000, High: $450000000)
Year 10: $300000000 (Low: $250000000, High: $350000000)
Year 100: $10000000 (Low: $8000000, High: $12000000)
Key Considerations
- The high upfront cost is necessary to establish a robust cybersecurity incident reporting system which is crucial for national security.
- Interagency coordination and private sector compliance are essential for the successful implementation of this policy.
- The electric grid is critical infrastructure; protecting it from cyber threats has far-reaching benefits beyond cost savings.