A newly introduced Michigan bill would require solar farm operators to adopt cybersecurity protections and report major cyber incidents to state and local authorities.
A new bill was introduced in the Michigan House of Representatives that would add new cybersecurity requirements for solar farms. 
Michigan House Bill 6011 was introduced last Thursday, and it would require operators of solar energy facilities to create and implement cybersecurity measures.  
Advertisement
Article continues below this ad
According to the bill, operators of qualifying solar facilities would be required to maintain “reasonable security measures” to protect “safety-critical systems” from cyberattacks that could impair safe operations. The bill requires operators to implement a risk-based cybersecurity and resilience program aligned with recognized standards such as guidance from either the National Institute of Standards and Technology or the Cybersecurity and Infrastructure Security Agency. 
The cybersecurity program may include cyber risk identification, access controls, network/system segmentation, supply-chain risk management and periodic review and testing. 
Operators would also have to maintain an incident response plan that coordinates with emergency responders. However, the bill states that these notifications do not impose new duties or liabilities on emergency responders. 
If a cybersecurity incident were to happen, for a “material cybersecurity incident,” operators must notify the Michigan State Police and the local emergency management coordinator within 24 hours of discovery, when practicable. 
Advertisement
Article continues below this ad
 Within 72 hours, operators must provide a written high-level summary that avoids disclosing sensitive security details. 
The Attorney General may request documentation only when tied to a specific incident or complaint. It explicitly forbids routine or programmatic audits. 
The bill said that knowingly or recklessly violating the section could result in civil fines up to $25,000 per day per violation. The Attorney General would have to provide notice and up to 30 days to cure violations before seeking penalties. 
Advertisement
Article continues below this ad
The bill was introduced by Representative Reggie Miller (D-District 31) and was cosponsored by four other Democrats. The bill was referred to Committee on Communications and Technology. 
Brendan Sanders is a 2022 graduate of Ferris State University with a bachelor’s degree in sports communication and minors in journalism and marketing/sales. At Ferris State he was the editor in chief for the Ferris State Torch newspaper and is a member of Ferris State University’s Sports Leadership Institute Advisory Board. A Lowell High School graduate, Brendan is an avid fan of various sports, including football, basketball and any form of motorsport.
About
Contact
Services
Account

source