Electricity sector participants urged Congress to back cyber security programs as the House Committee on Energy and Commerce’s Subcommittee on Energy heard testimony on the efforts of nation-states and other actors to hack the bulk power system.
The Electricity Information Sharing and Analysis Center (E-ISAC) is the industry’s clearinghouse for information on cyber and physical threats that works with government and other sectors to reduce security risks, NERC Senior Vice President and E-ISAC CEO Michael Ball said at the Dec. 2 hearing.
“The threat landscape is complex,” Ball said. “It includes continuously evolving threats from sophisticated and very capable adversaries; among the most advanced are nation-states … which are very well-funded.”
Ball said “numerous public reports underscore how these adversaries focus on the electric sector” and cited China, Russia, Iran and North Korea as being “monitored closely.”
Chinese cyber threats have dominated risks to North America recently, as Russia and Iran are more focused on conflicts in their regions, Ball said in his written testimony. He said Salt Typhoon and other hacking groups to which attacks have been attributed are believed to be operated by China’s Ministry of State Security. Ball’s written testimony lists cyber attacks against other sectors, but that is no comfort for E-ISAC, he noted.
“The technologies targeted by Salt Typhoon are prolific across critical infrastructure sectors, including the electric sector, which makes repurposing tactics, techniques and procedures learned targeting one sector easier when targeting the next,” Ball said.
The rise in electricity demand most often linked to data center growth also offers new risks as Salt Typhoon targets those facilities. A NERC report from early 2025 highlights the risks sudden outages of large loads can pose to the grid, Ball said. (See Data Centers’ Reliability Impacts Examined at FERC Meeting.)
Just the fact that load growth is cutting into reserve margins increases the risk of any kind of event on the grid, including cyber and physical attacks, said Kenergy CEO Tim Lindahl, who was testifying on behalf of the National Rural Electric Cooperative Association.
“One of the concerns we have as we run the grid closer and closer to the edge is it becomes more and more critical to not have interruptions. Before, we could have a small event and it wouldn’t have an impact on the reliability of the grid,” he said. “But as we push the grid to the limit with new load — data center load, or any kind of load — it just puts a microscope on any hiccup in the system that could happen.”
Any kind of event becomes riskier as the system is more tightly balanced, but Kenergy — a Kentucky co-op — is dealing with that by investing in new fiber-optic communication systems so it can better monitor its distribution system and help thwart attacks, Lindahl said.
‘Embracing Modernization’
The long-run solution to cyber security will include modernizing infrastructure control systems as much as possible because keeping them entirely separate from the internet has proved infeasible, said Harry Krejsa, director of the Carnegie Mellon Institute for Strategy and Technology.
“Digitization has swept our world so thoroughly that even national security networks that are believed to be air-gapped often are found to have accidental and unknown internet connections during regular security sweeps and efforts to ensure their ongoing defensibility from adversaries abroad,” Krejsa said. “The only way around this challenge will be through embracing modernization from top to bottom.”
The economic changes driving up electricity demand are already advancing that work, added Krejsa, who worked in the Office of the National Cyber Director under the Biden administration.
“The energy technologies powering this transition, from onsite generation and battery storage to smart inverters and virtual power plants, were designed from the ground up with software at their core enabling modern cyber security features and the ability to update and evolve in response to emerging threats,” Krejsa said. “They are also enabling a smarter, more distributed grid architecture, one that is more defensible, resilient and even self-healing, capable of quarantining disruptions and preventing cascading blackouts.”
That transition includes using components from China, which dominates manufacturing in general and “electrotech” specifically. Krejsa recommended a reshoring effort there, but also noted that some of the most sensitive national security programs use Chinese components.
“I think it’s instructive to take a look at the case of the F-35, which does not have zero Chinese-made components,” Krejsa said. “The defense industrial base, instead, makes a risk-informed prioritization decision about where the cut line is for components.”
Congress could help the power industry and advanced manufacturing parse which components are too sensitive to risk backdoors for Chinese (or other) hackers and which can be reliably sourced from anywhere, he added.
Actionable Intelligence Needed
Information-sharing is vital when it comes to emerging threats, and the Energy Threat Analysis Center (ETAC), set up in 2023 as a pilot program, has helped improve dissemination of information to utilities whose systems are under threat, Xcel Energy Vice President Sharla Artz said.
“The private sector must be supported by the government to address national security risks. An essential component of that support is the timely sharing of actionable intelligence about our adversaries, tactics and their motivations,” she added. “Armed with this intelligence, private-sector experts can proactively architect security into their systems, hunt for adversarial activity and mitigate the risks from these threats.”
ETAC already has shared important information with the sector on Salt Typhoon attacks, and Artz said Congress should authorize it to become permanent so the partnership can grow and evolve to address new threats.
“Explicit recognition of this program allows industry partners and DOE to shape the joint effort to address the evolving risk landscape and to incorporate needed partners in the work effort,” Artz said in written testimony.
E-ISAC’s Ball suggested authorizing ETAC to help further its mission, and he asked Congress to fund smaller utilities’ cyber defense and to reauthorize the Cybersecurity Information Sharing Act of 2015. The act is meant to facilitate information sharing and was temporarily extended to Jan. 30, 2026.
“Industry sources report that the law has enhanced response capabilities to cyber incidents and meaningfully advanced information sharing and cyber defense,” Ball said in written testimony. “As a private entity, expiration of the law has no immediate negative consequences on E-ISAC operations. However, the law does encourage information sharing with ISACs and other sharing relationships. Reauthorization would support the broader information sharing ecosystem and preserve a highly valued framework for the private sector.”




