[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 2556 Reported in Senate (RS)]
<DOC>
Calendar No. 356
116th CONGRESS
1st Session
S. 2556
To amend the Federal Power Act to provide energy cybersecurity
investment incentives, to establish a grant and technical assistance
program for cybersecurity investments, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
September 26, 2019
Ms. Murkowski (for herself, Mr. Manchin, Mr. Risch, Ms. Cantwell, and
Mr. King) introduced the following bill; which was read twice and
referred to the Committee on Energy and Natural Resources
December 17, 2019
Reported by Ms. Murkowski, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To amend the Federal Power Act to provide energy cybersecurity
investment incentives, to establish a grant and technical assistance
program for cybersecurity investments, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``Protecting Resources On The
Electric grid with Cybersecurity Technology Act of 2019'' or the
``PROTECT Act of 2019''.</DELETED>
<DELETED>SEC. 2. INCENTIVES FOR ADVANCED CYBERSECURITY TECHNOLOGY
INVESTMENT.</DELETED>
<DELETED> Part II of the Federal Power Act is amended by inserting
after section 219 (16 U.S.C. 824s) the following:</DELETED>
<DELETED>``SEC. 219A. INCENTIVES FOR CYBERSECURITY
INVESTMENTS.</DELETED>
<DELETED> ``(a) Definitions.--In this section:</DELETED>
<DELETED> ``(1) Advanced cybersecurity technology.--The term
`advanced cybersecurity technology' means any technology,
operational capability, or service, including computer
hardware, software, or a related asset, that enhances the
security posture of public utilities through improvements in
the ability to protect against, detect, respond to, or recover
from a cybersecurity threat (as defined in section 102 of the
Cybersecurity Act of 2015 (6 U.S.C. 1501)).</DELETED>
<DELETED> ``(2) Advanced cybersecurity technology
information.--The term `advanced cybersecurity technology
information' means information relating to advanced
cybersecurity technology or proposed advanced cybersecurity
technology that is generated by or provided to the Commission
or another Federal agency.</DELETED>
<DELETED> ``(b) Study.--Not later than 180 days after the date of
enactment of this section, the Commission, in consultation with the
Secretary of Energy, the North American Electric Reliability
Corporation, the Electricity Subsector Coordinating Council, and the
National Association of Regulatory Utility Commissioners, shall conduct
a study to identify incentive-based, including performance-based, rate
treatments for the transmission of electric energy subject to the
jurisdiction of the Commission that could be used to encourage--
</DELETED>
<DELETED> ``(1) investment by public utilities in advanced
cybersecurity technology; and</DELETED>
<DELETED> ``(2) participation by public utilities in
cybersecurity threat information sharing programs.</DELETED>
<DELETED> ``(c) Incentive-Based Rate Treatment.--Not later than 1
year after the completion of the study under subsection (b), the
Commission shall establish, by rule, incentive-based, including
performance-based, rate treatments for the transmission of electric
energy in interstate commerce by public utilities for the purpose of
benefitting consumers by encouraging--</DELETED>
<DELETED> ``(1) investments by public utilities in advanced
cybersecurity technology; and</DELETED>
<DELETED> ``(2) participation by public utilities in
cybersecurity threat information sharing programs.</DELETED>
<DELETED> ``(d) Factors for Consideration.--In issuing the rule
pursuant to this section, the Commission may provide additional
incentives beyond those identified in subsection (c) in any case in
which the Commission determines that an investment in advanced
cybersecurity technology or information sharing program costs will
reduce cybersecurity risks to--</DELETED>
<DELETED> ``(1) defense critical electric infrastructure (as
defined in section 215A(a)) and other facilities subject to the
jurisdiction of the Commission that are critical to public
safety, national defense, or homeland security, as determined
by the Commission in consultation with--</DELETED>
<DELETED> ``(A) the Secretary of Energy;
and</DELETED>
<DELETED> ``(B) appropriate Federal agencies;
and</DELETED>
<DELETED> ``(2) facilities of small- or medium-sized public
utilities with limited cybersecurity resources, as determined
by the Commission.</DELETED>
<DELETED> ``(e) Ratepayer Protection.--Any rate approved under the
rule issued pursuant to this section, including any revisions to that
rule, shall be subject to the requirements of sections 205 and 206 that
all rates, charges, terms, and conditions--</DELETED>
<DELETED> ``(1) shall be just and reasonable; and</DELETED>
<DELETED> ``(2) shall not be unduly discriminatory or
preferential.</DELETED>
<DELETED> ``(f) Single-Issue Rate Filings.--The Commission shall
permit public utilities to apply for incentive-based rate treatment
under the rule issued under this section on a single-issue basis by
submitting to the Commission a tariff schedule under section 205 that
permits recovery of costs and incentives over the depreciable life of
the applicable assets, without regard to changes in receipts or other
costs of the public utility.</DELETED>
<DELETED> ``(g) Protection of Information.--Advanced cybersecurity
technology information that is provided to, generated by, or collected
by the Federal Government under subsection (b), (c), or (f) shall be
considered to be critical electric infrastructure information under
section 215A.''.</DELETED>
<DELETED>SEC. 3. RURAL AND MUNICIPAL UTILITY ADVANCED CYBERSECURITY
GRANT AND TECHNICAL ASSISTANCE PROGRAM.</DELETED>
<DELETED> (a) Definitions.--In this section:</DELETED>
<DELETED> (1) Advanced cybersecurity technology.--The term
``advanced cybersecurity technology'' means any technology,
operational capability, or service, including computer
hardware, software, or a related asset, that enhances the
security posture of electric utilities through improvements in
the ability to protect against, detect, respond to, or recover
from a cybersecurity threat (as defined in section 102 of the
Cybersecurity Act of 2015 (6 U.S.C. 1501)).</DELETED>
<DELETED> (2) Eligible entity.--The term ``eligible entity''
means--</DELETED>
<DELETED> (A) a rural electric
cooperative;</DELETED>
<DELETED> (B) a utility owned by a political
subdivision of a State, such as a municipally owned
electric utility;</DELETED>
<DELETED> (C) a utility owned by any agency,
authority, corporation, or instrumentality of one or
more political subdivisions of a State; and</DELETED>
<DELETED> (D) a not-for-profit entity that is in a
partnership with not fewer than 6 entities described in
subparagraph (A), (B), or (C).</DELETED>
<DELETED> (3) Program.--The term ``Program'' means the Rural
and Municipal Utility Advanced Cybersecurity Grant and
Technical Assistance Program established under subsection
(b).</DELETED>
<DELETED> (4) Secretary.--The term ``Secretary'' means the
Secretary of Energy.</DELETED>
<DELETED> (b) Establishment.--Not later than 180 days after the date
of enactment of this Act, the Secretary, in consultation with the
Federal Energy Regulatory Commission, the North American Electric
Reliability Corporation, and the Electricity Subsector Coordinating
Council, shall establish a program, to be known as the ``Rural and
Municipal Utility Advanced Cybersecurity Grant and Technical Assistance
Program'', to provide grants and technical assistance to, and enter
into cooperative agreements with, eligible entities to protect against,
detect, respond to, and recover from cybersecurity threats.</DELETED>
<DELETED> (c) Objectives.--The objectives of the Program shall be--
</DELETED>
<DELETED> (1) to deploy advanced cybersecurity technologies
for electric utility systems; and</DELETED>
<DELETED> (2) to increase the participation of eligible
entities in cybersecurity threat information sharing
programs.</DELETED>
<DELETED> (d) Awards.--</DELETED>
<DELETED> (1) In general.--The Secretary--</DELETED>
<DELETED> (A) shall award grants and provide
technical assistance under the Program to eligible
entities on a competitive basis;</DELETED>
<DELETED> (B) shall develop criteria and a formula
for awarding grants and providing technical assistance
under the Program;</DELETED>
<DELETED> (C) may enter into cooperative agreements
with eligible entities that can facilitate the
objectives described in subsection (c); and</DELETED>
<DELETED> (D) shall establish a process to ensure
that all eligible entities are informed about and can
become aware of opportunities to receive grants or
technical assistance under the Program.</DELETED>
<DELETED> (2) Priority for grants and technical
assistance.--In awarding grants and providing technical
assistance under the Program, the Secretary shall give priority
to an eligible entity that, as determined by the Secretary--
</DELETED>
<DELETED> (A) has limited cybersecurity
resources;</DELETED>
<DELETED> (B) owns assets critical to the
reliability of the bulk power system; or</DELETED>
<DELETED> (C) owns defense critical electric
infrastructure (as defined in section 215A(a) of the
Federal Power Act (16 U.S.C. 824o-1(a))).</DELETED>
<DELETED> (e) Protection of Information.--Information provided to,
or collected by, the Federal Government under this section--</DELETED>
<DELETED> (1) shall be exempt from disclosure under section
552(b)(3) of title 5, United States Code; and</DELETED>
<DELETED> (2) shall not be made available by any Federal
agency, State, political subdivision of a State, or Tribal
authority under any applicable law requiring public disclosure
of information or records.</DELETED>
<DELETED> (f) Funding.--There is authorized to be appropriated to
carry out this section $50,000,000 for each of fiscal years 2020
through 2024, to remain available until expended.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Protecting Resources On The Electric
grid with Cybersecurity Technology Act of 2019'' or the ``PROTECT Act
of 2019''.
SEC. 2. INCENTIVES FOR ADVANCED CYBERSECURITY TECHNOLOGY INVESTMENT.
Part II of the Federal Power Act is amended by inserting after
section 219 (16 U.S.C. 824s) the following:
``SEC. 219A. INCENTIVES FOR CYBERSECURITY INVESTMENTS.
``(a) Definitions.--In this section:
``(1) Advanced cybersecurity technology.--The term
`advanced cybersecurity technology' means any technology,
operational capability, or service, including computer
hardware, software, or a related asset, that enhances the
security posture of public utilities through improvements in
the ability to protect against, detect, respond to, or recover
from a cybersecurity threat (as defined in section 102 of the
Cybersecurity Act of 2015 (6 U.S.C. 1501)).
``(2) Advanced cybersecurity technology information.--The
term `advanced cybersecurity technology information' means
information relating to advanced cybersecurity technology or
proposed advanced cybersecurity technology that is generated by
or provided to the Commission or another Federal agency.
``(b) Study.--Not later than 180 days after the date of enactment
of this section, the Commission, in consultation with the Secretary of
Energy, the North American Electric Reliability Corporation, the
Electricity Subsector Coordinating Council, and the National
Association of Regulatory Utility Commissioners, shall conduct a study
to identify incentive-based, including performance-based, rate
treatments for the transmission and sale of electric energy subject to
the jurisdiction of the Commission that could be used to encourage--
``(1) investment by public utilities in advanced
cybersecurity technology; and
``(2) participation by public utilities in cybersecurity
threat information sharing programs.
``(c) Incentive-Based Rate Treatment.--Not later than 1 year after
the completion of the study under subsection (b), the Commission shall
establish, by rule, incentive-based, including performance-based, rate
treatments for the transmission of electric energy in interstate
commerce and the sale of electric energy at wholesale in interstate
commerce by public utilities for the purpose of benefitting consumers
by encouraging--
``(1) investments by public utilities in advanced
cybersecurity technology; and
``(2) participation by public utilities in cybersecurity
threat information sharing programs.
``(d) Factors for Consideration.--In issuing a rule pursuant to
this section, the Commission may provide additional incentives beyond
those identified in subsection (c) in any case in which the Commission
determines that an investment in advanced cybersecurity technology or
information sharing program costs will reduce cybersecurity risks to--
``(1) defense critical electric infrastructure (as defined
in section 215A(a)) and other facilities subject to the
jurisdiction of the Commission that are critical to public
safety, national defense, or homeland security, as determined
by the Commission in consultation with--
``(A) the Secretary of Energy; and
``(B) appropriate Federal agencies; and
``(2) facilities of small or medium-sized public utilities
with limited cybersecurity resources, as determined by the
Commission.
``(e) Ratepayer Protection.--
``(1) In general.--Any rate approved under a rule issued
pursuant to this section, including any revisions to that rule,
shall be subject to the requirements of sections 205 and 206
that all rates, charges, terms, and conditions--
``(A) shall be just and reasonable; and
``(B) shall not be unduly discriminatory or
preferential.
``(2) Prohibition of duplicate recovery.--Any rule issued
pursuant to this section shall preclude rate treatments that
allow unjust and unreasonable double recovery for advanced
cybersecurity technology.
``(f) Single-Issue Rate Filings.--The Commission shall permit
public utilities to apply for incentive-based rate treatment under a
rule issued under this section on a single-issue basis by submitting to
the Commission a tariff schedule under section 205 that permits
recovery of costs and incentives over the depreciable life of the
applicable assets, without regard to changes in receipts or other costs
of the public utility.
``(g) Protection of Information.--Advanced cybersecurity technology
information that is provided to, generated by, or collected by the
Federal Government under subsection (b), (c), or (f) shall be
considered to be critical electric infrastructure information under
section 215A.''.
SEC. 3. RURAL AND MUNICIPAL UTILITY ADVANCED CYBERSECURITY GRANT AND
TECHNICAL ASSISTANCE PROGRAM.
(a) Definitions.--In this section:
(1) Advanced cybersecurity technology.--The term ``advanced
cybersecurity technology'' means any technology, operational
capability, or service, including computer hardware, software,
or a related asset, that enhances the security posture of
electric utilities through improvements in the ability to
protect against, detect, respond to, or recover from a
cybersecurity threat (as defined in section 102 of the
Cybersecurity Act of 2015 (6 U.S.C. 1501)).
(2) Eligible entity.--The term ``eligible entity'' means--
(A) a rural electric cooperative;
(B) a utility owned by a political subdivision of a
State, such as a municipally owned electric utility;
(C) a utility owned by any agency, authority,
corporation, or instrumentality of 1 or more political
subdivisions of a State;
(D) a not-for-profit entity that is in a
partnership with not fewer than 6 entities described in
subparagraph (A), (B), or (C); and
(E) an investor-owned electric utility that sells
less than 4,000,000 megawatt hours of electricity per
year.
(3) Program.--The term ``Program'' means the Rural and
Municipal Utility Advanced Cybersecurity Grant and Technical
Assistance Program established under subsection (b).
(4) Secretary.--The term ``Secretary'' means the Secretary
of Energy.
(b) Establishment.--Not later than 180 days after the date of
enactment of this Act, the Secretary, in consultation with the Federal
Energy Regulatory Commission, the North American Electric Reliability
Corporation, and the Electricity Subsector Coordinating Council, shall
establish a program, to be known as the ``Rural and Municipal Utility
Advanced Cybersecurity Grant and Technical Assistance Program'', to
provide grants and technical assistance to, and enter into cooperative
agreements with, eligible entities to protect against, detect, respond
to, and recover from cybersecurity threats.
(c) Objectives.--The objectives of the Program shall be--
(1) to deploy advanced cybersecurity technologies for
electric utility systems; and
(2) to increase the participation of eligible entities in
cybersecurity threat information sharing programs.
(d) Awards.--
(1) In general.--The Secretary--
(A) shall award grants and provide technical
assistance under the Program to eligible entities on a
competitive basis;
(B) shall develop criteria and a formula for
awarding grants and providing technical assistance
under the Program;
(C) may enter into cooperative agreements with
eligible entities that can facilitate the objectives
described in subsection (c); and
(D) shall establish a process to ensure that all
eligible entities are informed about and can become
aware of opportunities to receive grants or technical
assistance under the Program.
(2) Priority for grants and technical assistance.--In
awarding grants and providing technical assistance under the
Program, the Secretary shall give priority to an eligible
entity that, as determined by the Secretary--
(A) has limited cybersecurity resources;
(B) owns assets critical to the reliability of the
bulk power system; or
(C) owns defense critical electric infrastructure
(as defined in section 215A(a) of the Federal Power Act
(16 U.S.C. 824o-1(a))).
(e) Protection of Information.--Information provided to, or
collected by, the Federal Government under this section--
(1) shall be exempt from disclosure under section 552(b)(3)
of title 5, United States Code; and
(2) shall not be made available by any Federal agency,
State, political subdivision of a State, or Tribal authority
under any applicable law requiring public disclosure of
information or records.
(f) Funding.--There is authorized to be appropriated to carry out
this section $50,000,000 for each of fiscal years 2020 through 2024, to
remain available until expended.
Calendar No. 356
116th CONGRESS
1st Session
S. 2556
_______________________________________________________________________
A BILL
To amend the Federal Power Act to provide energy cybersecurity
investment incentives, to establish a grant and technical assistance
program for cybersecurity investments, and for other purposes.
_______________________________________________________________________
December 17, 2019
Reported with an amendment