[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 2333 Reported in Senate (RS)]
<DOC>
Calendar No. 264
116th CONGRESS
1st Session
S. 2333
[Report No. 116-144]
To provide for enhanced energy grid security.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
July 30, 2019
Ms. Cantwell (for herself and Mr. Heinrich) introduced the following
bill; which was read twice and referred to the Committee on Energy and
Natural Resources
October 23, 2019
Reported by Ms. Murkowski, without amendment
_______________________________________________________________________
A BILL
To provide for enhanced energy grid security.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Energy Cybersecurity Act of 2019''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Department.--The term ``Department'' means the
Department of Energy.
(2) Electric utility.--The term ``electric utility'' has
the meaning given the term in section 3 of the Federal Power
Act (16 U.S.C. 796).
(3) ES-ISAC.--The term ``ES-ISAC'' means the Electricity
Sector Information Sharing and Analysis Center.
(4) National laboratory.--The term ``National Laboratory''
has the meaning given the term in section 2 of the Energy
Policy Act of 2005 (42 U.S.C. 15801).
(5) Secretary.--The term ``Secretary'' means the Secretary
of Energy.
SEC. 3. ENHANCED GRID SECURITY.
(a) Cybersecurity for the Energy Sector Research, Development, and
Demonstration Program.--
(1) In general.--The Secretary, in consultation with
appropriate Federal agencies, the energy sector, the States,
and other stakeholders, shall carry out a program--
(A) to develop advanced cybersecurity applications
and technologies for the energy sector--
(i) to identify and mitigate
vulnerabilities, including--
(I) dependencies on other critical
infrastructure; and
(II) impacts from weather and fuel
supply; and
(ii) to advance the security of field
devices and third-party control systems,
including--
(I) systems for generation,
transmission, distribution, end use,
and market functions;
(II) specific electric grid
elements including advanced metering,
demand response, distributed
generation, and electricity storage;
(III) forensic analysis of infected
systems; and
(IV) secure communications;
(B) to leverage electric grid architecture as a
means to assess risks to the energy sector, including
by implementing an all-hazards approach to
communications infrastructure, control systems
architecture, and power systems architecture;
(C) to perform pilot demonstration projects with
the energy sector to gain experience with new
technologies; and
(D) to develop workforce development curricula for
energy sector-related cybersecurity.
(2) Authorization of appropriations.--There is authorized
to be appropriated to carry out this subsection $65,000,000 for
each of fiscal years 2020 through 2028.
(b) Energy Sector Component Testing for Cyberresilience Program.--
(1) In general.--The Secretary shall carry out a program--
(A) to establish a cybertesting and mitigation
program to identify vulnerabilities of energy sector
supply chain products to known threats;
(B) to oversee third-party cybertesting; and
(C) to develop procurement guidelines for energy
sector supply chain components.
(2) Authorization of appropriations.--There is authorized
to be appropriated to carry out this subsection $15,000,000 for
each of fiscal years 2020 through 2028.
(c) Energy Sector Operational Support for Cyberresilience
Program.--
(1) In general.--The Secretary may carry out a program--
(A) to enhance and periodically test--
(i) the emergency response capabilities of
the Department; and
(ii) the coordination of the Department
with other agencies, the National Laboratories,
and private industry;
(B) to expand cooperation of the Department with
the intelligence communities for energy sector-related
threat collection and analysis;
(C) to enhance the tools of the Department and ES-
ISAC for monitoring the status of the energy sector;
(D) to expand industry participation in ES-ISAC;
and
(E) to provide technical assistance to small
electric utilities for purposes of assessing
cybermaturity level.
(2) Authorization of appropriations.--There is authorized
to be appropriated to carry out this subsection $10,000,000 for
each of fiscal years 2020 through 2028.
(d) Modeling and Assessing Energy Infrastructure Risk.--
(1) In general.--The Secretary shall develop an advanced
energy security program to secure energy networks, including
electric, natural gas, and oil exploration, transmission, and
delivery.
(2) Security and resiliency objective.--The objective of
the program developed under paragraph (1) is to increase the
functional preservation of the electric grid operations or
natural gas and oil operations in the face of natural and
human-made threats and hazards, including electric magnetic
pulse and geomagnetic disturbances.
(3) Eligible activities.--In carrying out the program
developed under paragraph (1), the Secretary may--
(A) develop capabilities to identify
vulnerabilities and critical components that pose major
risks to grid security if destroyed or impaired;
(B) provide modeling at the national level to
predict impacts from natural or human-made events;
(C) develop a maturity model for physical security
and cybersecurity;
(D) conduct exercises and assessments to identify
and mitigate vulnerabilities to the electric grid,
including providing mitigation recommendations;
(E) conduct research hardening solutions for
critical components of the electric grid;
(F) conduct research mitigation and recovery
solutions for critical components of the electric grid;
and
(G) provide technical assistance to States and
other entities for standards and risk analysis.
(4) Authorization of appropriations.--There is authorized
to be appropriated to carry out this subsection $10,000,000 for
each of fiscal years 2020 through 2028.
(e) Leveraging Existing Programs.--The programs established under
this section shall be carried out consistent with--
(1) the report of the Department entitled ``Roadmap to
Achieve Energy Delivery Systems Cybersecurity'' and dated 2011;
(2) existing programs of the Department; and
(3) any associated strategic framework that links together
academic and National Laboratory researchers, electric
utilities, manufacturers, and any other relevant private
industry organizations, including the Electricity Sub-sector
Coordinating Council.
(f) Study.--
(1) In general.--Not later than 180 days after the date of
enactment of this Act, the Secretary, in consultation with the
Federal Energy Regulatory Commission and the North American
Electric Reliability Corporation, shall conduct a study to
explore alternative management structures and funding
mechanisms to expand industry membership and participation in
ES-ISAC.
(2) Report.--The Secretary shall submit to the appropriate
committees of Congress a report describing the results of the
study conducted under paragraph (1).
Calendar No. 264
116th CONGRESS
1st Session
S. 2333
[Report No. 116-144]
_______________________________________________________________________
A BILL
To provide for enhanced energy grid security.
_______________________________________________________________________
October 23, 2019
Reported without amendment