[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2928 Referred in Senate (RFS)]
<DOC>
117th CONGRESS
1st Session
H. R. 2928
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
July 21, 2021
Received; read twice and referred to the Committee on Energy and
Natural Resources
_______________________________________________________________________
AN ACT
To require the Secretary of Energy to establish a voluntary Cyber Sense
program to test the cybersecurity of products and technologies intended
for use in the bulk-power system, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cyber Sense Act of 2021''.
SEC. 2. CYBER SENSE.
(a) In General.--The Secretary of Energy, in coordination with
relevant Federal agencies, shall establish a voluntary Cyber Sense
program to test the cybersecurity of products and technologies intended
for use in the bulk-power system, as defined in section 215(a) of the
Federal Power Act (16 U.S.C. 824o(a)).
(b) Program Requirements.--In carrying out subsection (a), the
Secretary of Energy shall--
(1) establish a testing process under the Cyber Sense
program to test the cybersecurity of products and technologies
intended for use in the bulk-power system, including products
relating to industrial control systems and operational
technologies, such as supervisory control and data acquisition
systems;
(2) for products and technologies tested under the Cyber
Sense program, establish and maintain cybersecurity
vulnerability reporting processes and a related database;
(3) provide technical assistance to electric utilities,
product manufacturers, and other electricity sector
stakeholders to develop solutions to mitigate identified
cybersecurity vulnerabilities in products and technologies
tested under the Cyber Sense program;
(4) biennially review products and technologies tested
under the Cyber Sense program for cybersecurity vulnerabilities
and provide analysis with respect to how such products and
technologies respond to and mitigate cyber threats;
(5) develop guidance, that is informed by analysis and
testing results under the Cyber Sense program, for electric
utilities for procurement of products and technologies;
(6) provide reasonable notice to the public, and solicit
comments from the public, prior to establishing or revising the
testing process under the Cyber Sense program;
(7) oversee testing of products and technologies under the
Cyber Sense program; and
(8) consider incentives to encourage the use of analysis
and results of testing under the Cyber Sense program in the
design of products and technologies for use in the bulk-power
system.
(c) Disclosure of Information.--Any cybersecurity vulnerability
reported pursuant to a process established under subsection (b)(2), the
disclosure of which the Secretary of Energy reasonably foresees would
cause harm to critical electric infrastructure (as defined in section
215A of the Federal Power Act), shall be deemed to be critical electric
infrastructure information for purposes of section 215A(d) of the
Federal Power Act.
(d) Federal Government Liability.--Nothing in this section shall be
construed to authorize the commencement of an action against the United
States Government with respect to the testing of a product or
technology under the Cyber Sense program.
Passed the House of Representatives July 20, 2021.
Attest:
CHERYL L. JOHNSON,
Clerk.