As noted here in November 2021 and October 2023, the renewable energy sector faces growing concerns over its vulnerability to cyberattacks. Since then, the situation has not improved; the U.S. electrical grid has grown more vulnerable to cyberattacks,[1] with domestic utilities experiencing a 70% surge in cyberattacks in 2024.[2]
In the weeks that followed a ransomware attack on a domestic pipeline company, the federal government’s efforts to shore up the cybersecurity posture of America’s critical infrastructure and supply chains, including the oil and gas industry, have garnered increased attention. Historically, the oil and gas sector has not been subject to mandatory cybersecurity regulations, but rather was encouraged to follow voluntary security guidelines that were initially published by the Transportation Security Administration (TSA) in 2011 and revised in 2018. Yet, the industry sector’s geographic size, number of operators/stakeholders within the sector, and its importance to the national economy make the oil and gas industry an attractive target for cyberattacks.
Each of these factors begs the question whether voluntary cybersecurity measures are sufficient to protect this critical infrastructure component? Based on the TSA’s decision to publish the very first Pipeline Security Directive (“Directive”) three weeks after Colonial Pipeline was victimized by a ransomware attack, the answer to this rhetorical question appears to be an emphatic “No.”
Bottom Line Up Front: The Department of Energy (DOE) will implement new cybersecurity programs to enhance energy sector resilience. DOE’s announcement coincides with the Senate Energy and Natural Resources Committee’s support for the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Expect to see resilience to cyber attacks in future government procurement activities.
On March 18, 2021, CESER announced several new research programs designed to enhance the safety and resilience of the U.S. energy sector. The Trump administration established CESER to protect critical energy infrastructure by assisting oil, natural gas, and electricity industries secure their infrastructure. Currently, energy infrastructure faces threats not only from climate and natural hazards, but also evolving and increasing physical and cyber threats.
Lawmakers of the 86th Texas Legislature passed several bills in regular session related to storage and cybersecurity, as well as a bill extending the expiration of a Chapter 312 tax abatement program that benefits renewable energy. These energy-related bills passed by the Texas Legislature are discussed below, as are notable bills that failed to gain traction this session.
By the time the March 8, 2019 bill filing deadline for the 86th Texas Legislature passed, many bills concerning the electric industry had been filed. Storage, cybersecurity of the electric grid, and capital project tax abatements are among the energy issues Texas lawmakers are considering. This reviews the major filed bills before the current Texas Legislature.