The new PROTECT the Grid Act currently under debate in Congress will definitely help to secure the United States’ power grid.
On August 7, 2025, Senator Rick Scott (R-FL) announced his “PROTECT the Grid” Act. The Florida senator should be commended for authoring and filing the Preventing Remote Operations by Threatening Entities on Critical Technology for the Grid (PROTECT the Grid) Act.
“My Protect the Grid Act calls for an investigation into China’s influence through these items and how we can work to cut off their access, secure our grid, and stop a foreign dictatorship from holding American citizens hostage through their own appliances,” Sen. Scott said.
The bill seeks to address an emerging and growing threat vector that can be utilized by our adversaries to disrupt the operations of the electric grid and cause blackouts across the nation.
That vector of attack is known as ‘‘MaDIoT,’’ or “Manipulation of Demand Internet of Things.” “IoT,” or “Internet of Things,” is the technical term for what many people refer to as smart technology —appliances and items that are connected to the internet, facilitating remote monitoring and/or control.
The MaDIoT threat to the grid —which has been researched by academic institutions such as Princeton University, the Georgia Institute of Technology, and the University of California, Santa Cruz —is one where an attacker seeks to utilize electricity-consuming devices and appliances to manipulate demand on the grid rapidly or the amount of electricity needed to operate the grid.
This novel form of attack is indirect and doesn’t require that the adversary access the networks running the grid, making it extremely hard to detect and impossible for grid operators to disconnect from —enabling adversaries to potentially strike over and over without being thwarted.
The way an adversary can use the MaDIoT form of attack is by remotely manipulating large numbers of devices and appliances simultaneously to change (usually by increasing) the amount of electricity they require.
An example of a MaDIot attack would be a simultaneous increase in air conditioning usage by changing the thermostats of every household in a major city at one time. This could destabilize the electric grid, especially if it was on a hot day when grid operators are already struggling to meet demand. Or, since there is often lag time with A/C thermostats, they could target smart water heaters, which respond instantly, on a day when the grid is already strained due to cold weather.
Senator Scott’s bill requires that the Department of Commerce assess the MaDIoT threat in coordination with other federal agencies and provide a report within 270 days to the Senate Committee on Commerce, Science, and Transportation and the House Committee on Energy and Commerce.
The bill specifically calls for the assessment of foreign-manufactured “high-wattage IOT devices,” which are those “capable of consuming or controlling electrical power at a level exceeding 500 watts, regardless of whether the device is used or designed for use in residential or commercial applications.”
Below is a list of common smart devices and appliances that would fall under this category, with an estimated level of common electrical demand in the form of wattage:
- EV Charging Stations —350,000 watts down to 1,400 watts depending on size
- Smart Dryers —over 5000 watts
- Smart Water heaters — 4,000 watts
- Smart AC units — 3,000-11,000 watts
- Smart Ovens — 2,000-3,000 watts
- Smart Dishwashers —1500 watts
- Smart Washing Machines — 600-2200 watts
- Smart Refrigerators — 500 watts
The bill directs the Commerce Department to consider “public comments and input from industry experts, domestic producers, importers, consumer groups, and other stakeholders regarding the security of, and the extent of foreign influence over, foreign adversary-controlled applications and high-wattage IoT devices.”
Presumably, industry experts will encourage the Commerce Department to consider the fact that the “brains” of many of the smart device systems —such as thermostats, wireless routers, and other wi-fi equipment — can run lower than 500 watts. Similarly, there should be a focus on any IoT equipment that is critical to service operation that would affect heating and cooling, life-sustaining equipment, communication equipment, and business and home security systems. Finally, the Commerce Department should seek input from not only experienced IT and OT professionals but engineers as well.
It should be noted that President Trump sought to defend against the MaDIoT threat in his first term by passing Executive Order 13873 on May 15, 2019, titled “Securing the Information and Communications Technology and Services Supply Chain.”
Fortunately, Senator Scott’s bill codifies Executive Order 13873 into law and also requires that the Commerce Department’s report “include recommendations for mitigation measures to address any identified national security risks.”
The next Trump executive order from President Trump’s first term that should be codified into law is Executive Order 13920. It was issued on May 1, 2020, as part of the president’s declaration of a “grid security emergency,” and it sought to address, among other things, the supply chain threat of Chinese-manufactured transformers in the U.S. grid —yet another vector of attack.
Back then, there were about 300 such transformers on the US grid. As of May 2025, there are now 582, making it all the more necessary that Executive Order 13920 also become the law of the land.
About the Author: Lt. Col. Tommy Waller, USMC Ret.
Lt. Col. Tommy Waller is the President & CEO of the Center for Security Policy. Waller retired from the U.S. Marines after two decades of service in both active duty and the reserves as an Infantry and Expeditionary Ground Reconnaissance Officer with deployments to Afghanistan, Iraq, Africa, and South America and with cross-assigned service to the U.S. Air Force’s Electromagnetic Defense Task Force (EDTF). His formal education includes numerous military schools and colleges, a degree in International Relations from Tulane University, and executive education from the Wharton School. In addition to running the Center for Security Policy, he also manages the nationwide bipartisan Secure the Grid Coalition.
[The Center for Security Policy is a 501c3 nonprofit that receives no funding from governments, foreign sources, or corporations that can profit from the organization’s policy recommendations.]
Image: Shutterstock/Jhon eliass
