[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4939 Introduced in House (IH)]
<DOC>
117th CONGRESS
1st Session
H. R. 4939
To provide for a comprehensive interdisciplinary research, development,
and demonstration initiative to strengthen the capacity of the energy
sector to prepare for and withstand cyber and physical attacks, and for
other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
August 6, 2021
Mr. Bera (for himself and Mr. Weber of Texas) introduced the following
bill; which was referred to the Committee on Science, Space, and
Technology, and in addition to the Committee on Homeland Security, for
a period to be subsequently determined by the Speaker, in each case for
consideration of such provisions as fall within the jurisdiction of the
committee concerned
_______________________________________________________________________
A BILL
To provide for a comprehensive interdisciplinary research, development,
and demonstration initiative to strengthen the capacity of the energy
sector to prepare for and withstand cyber and physical attacks, and for
other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Grid Security Research and
Development Act''.
SEC. 2. FINDINGS.
Congress finds the following:
(1) The Nation, and every critical infrastructure sector,
depends on reliable electricity.
(2) Intelligent electronic devices, advanced analytics, and
information systems used across the energy sector are essential
to maintaining reliable operation of the electric grid.
(3) The cybersecurity threat landscape is constantly
changing and attacker capabilities are advancing rapidly,
requiring ongoing modifications, advancements, and investments
in technologies, procedures, and workforce development to
maintain security.
(4) It is in the national interest for Federal agencies to
invest in innovative cybersecurity research that informs and
facilitates private sector investment and use of new and
advanced cybersecurity tools and procedures to protect
information systems.
(5) The number of devices and systems connecting to the
electric grid is increasing, and integrating cybersecurity
protections into information systems when they are designed and
built is more effective than modifying products after
installation to meet cybersecurity goals.
(6) An understanding of human factors can be leveraged to
understand the behavior of cyber threat actors, develop
strategies to counter threat actors, improve cybersecurity
training programs, optimize the design of human-machine
interfaces and cybersecurity tools, and increase the capacity
of the energy sector workforce to prevent unauthorized access
to critical systems.
SEC. 3. AMENDMENT TO DIVISION Z OF THE CONSOLIDATED APPROPRIATIONS ACT,
2021.
Title VIII of division Z of the Consolidated Appropriations Act,
2021 (Public Law 116-260) is amended by inserting after section 8012
the following:
``SEC. 8013. ENERGY SECTOR SECURITY RESEARCH, DEVELOPMENT, AND
DEMONSTRATION PROGRAM.
``(a) In General.--The Secretary, in coordination with appropriate
Federal agencies, the Electricity Subsector Coordinating Council, the
Electric Reliability Organization, State, tribal, local, and
territorial governments, the private sector, and other relevant
stakeholders, shall carry out a research, development, and
demonstration program to protect the electric grid and energy systems,
including assets connected to the distribution grid, and associated
supply chains, from cyber and physical attacks by increasing the cyber
and physical security capabilities of the energy sector and
accelerating the development of relevant technologies and tools.
``(b) Department of Energy.--As part of the initiative described in
subsection (a), the Secretary shall award research, development, and
demonstration grants to--
``(1) identify cybersecurity risks to information
technology and operational technology within, and impacting,
the electricity sector, energy systems, and energy
infrastructure;
``(2) develop methods and tools to rapidly detect cyber
intrusions and cyber incidents, including through the use of
data and big data analytics techniques, such as intrusion
detection, and security information and event management
systems, to validate and verify system behavior;
``(3) assess emerging cybersecurity capabilities that could
be applied to energy systems and develop technologies that
integrate cybersecurity features and procedures into the design
and development of existing and emerging grid technologies,
including renewable energy, storage, and demand-side management
technologies;
``(4) identify existing vulnerabilities in intelligent
electronic devices, advanced analytics systems, and information
systems;
``(5) work with relevant entities to develop technologies
or concepts that build or retrofit cybersecurity features and
procedures into--
``(A) information and energy management system
devices, components, software, firmware, and hardware,
including distributed control and management systems,
and building management systems;
``(B) data storage systems, data management
systems, and data analysis processes;
``(C) automated and manually controlled devices and
equipment for monitoring and stabilizing the electric
grid;
``(D) technologies used to synchronize time and
develop guidance for operational contingency plans when
time synchronization technologies are compromised;
``(E) power system delivery and end user systems
and devices that connect to the grid, including--
``(i) meters, phasor measurement units, and
other sensors;
``(ii) distribution automation
technologies, smart inverters, and other grid
control technologies;
``(iii) distributed generation, energy
storage, and other distributed energy
technologies;
``(iv) demand response technologies;
``(v) home and building energy management
and control systems;
``(vi) electric and plug-in hybrid vehicles
and electric vehicle charging systems; and
``(vii) other relevant devices, software,
firmware, and hardware; and
``(F) the supply chain of electric grid management
system components;
``(6) develop technologies, including information
technologies and operational technologies, that improve the
physical security of the electric grid, including remote
assets;
``(7) integrate human factors research into the design and
development of advanced tools and processes for dynamic
monitoring, detection, protection, mitigation, response, and
cyber situational awareness;
``(8) evaluate and understand the potential consequences of
practices used to maintain the cybersecurity of information
systems and intelligent electronic devices;
``(9) develop or expand the capabilities of existing
cybersecurity test beds to simulate impacts of cyber attacks
and combined cyber-physical attacks on information systems and
electronic devices, including by increasing access to existing
and emerging test beds for cooperative utilities, utilities
owned by a political subdivision of a State, such as
municipally owned electric utilities, and other relevant
stakeholders; and
``(10) develop technologies that reduce the cost of
implementing effective cybersecurity technologies and tools,
including updates to these technologies and tools, in the
energy sector.
``(c) National Science Foundation.--The National Science
Foundation, in coordination with other Federal agencies as appropriate,
shall through its cybersecurity research and development programs--
``(1) support basic research to advance knowledge,
applications, technologies, and tools to strengthen the
cybersecurity of information systems that support the electric
grid and energy systems, including interdisciplinary research
in--
``(A) evolutionary systems, theories, mathematics,
and models;
``(B) economic and financial theories, mathematics,
and models; and
``(C) big data analytical methods, mathematics,
computer coding, and algorithms; and
``(2) support cybersecurity education and training focused
on information systems for the electric grid and energy
workforce, including through the Advanced Technological
Education program, the Cybercorps program, graduate research
fellowships, and other appropriate programs.
``(d) Department of Homeland Security Science and Technology
Directorate.--The Science and Technology Directorate of the Department
of Homeland Security shall coordinate with the Department of Energy,
the private sector, and other relevant stakeholders, to research
existing cybersecurity technologies and tools used in the defense
industry in order to--
``(1) identify technologies and tools that may meet
civilian energy sector cybersecurity needs;
``(2) develop a research strategy that incorporates human
factors research findings to guide the modification of defense
industry cybersecurity tools for use in the civilian sector;
``(3) develop a strategy to accelerate efforts to bring
modified defense industry cybersecurity tools to the civilian
market; and
``(4) carry out other activities the Secretary of Homeland
Security considers appropriate to meet the goals of this
subsection.
``SEC. 8014. GRID RESILIENCE AND EMERGENCY RESPONSE.
``(a) In General.--Not later than 180 days after the enactment of
the Grid Security Research and Development Act, the Secretary shall
establish a research, development, and demonstration program to enhance
resilience and strengthen emergency response and management pertaining
to the energy sector.
``(b) Grants.--The Secretary shall award grants to eligible
entities under subsection (d) on a competitive basis to conduct
research and development with the purpose of improving the resilience
and reliability of the electric grid by--
``(1) developing methods to improve community and
governmental preparation for and emergency response to large-
area, long-duration electricity interruptions, including
through the use of energy efficiency, storage, and distributed
generation technologies;
``(2) developing tools to help utilities and communities
ensure the continuous delivery of electricity to critical
facilities;
``(3) developing tools to improve coordination between
utilities and relevant Federal agencies to enable
communication, information-sharing, and situational awareness
in the event of a physical or cyber-attack on the electric
grid;
``(4) developing technologies and capabilities to withstand
and address the current and projected impact of the changing
climate on energy sector infrastructure, including extreme
weather events, other natural disasters, and wildfires;
``(5) developing technologies capable of early detection of
malfunctioning electrical equipment on the transmission and
distribution grid, including detection of spark ignition
causing wildfires and risks of vegetation contact;
``(6) assessing upgrades and additions needed to energy
sector infrastructure due to projected changes in the energy
generation mix and energy demand;
``(7) upgrading tools used to estimate the costs of outages
longer than 24 hours; and
``(8) developing tools and technologies to assist with the
planning, safe execution of, and safe and timely restoration of
power after cyber and physical attacks, natural disasters, and
emergency power shut offs, such as those conducted to reduce
risks of wildfires started by grid infrastructure.
``(c) Concurrent and Co-Located Disasters.--In carrying out the
program under subsection (a), the Secretary shall support research and
development on tools, techniques, and technologies for improving
electric grid and energy sector safety and resilience in the event of
multiple simultaneous or co-located weather or climate events leading
to extreme conditions, such as extreme wind, wildfires, extreme cold,
and extreme heat.
``(d) Eligible Entities.--The entities eligible to receive grants
under this section include--
``(1) an institution of higher education, including a
historically Black college or university or a minority-serving
institution;
``(2) a nonprofit organization;
``(3) a National Laboratory;
``(4) a unit of State, local, or tribal government;
``(5) an electric utility or electric cooperative;
``(6) a retail service provider of electricity;
``(7) a private commercial entity;
``(8) a partnership or consortium of 2 or more entities
described in paragraphs (1) through (7); and
``(9) any other entities the Secretary deems appropriate.
``(e) Relevant Activities.--Grants awarded under subsection (b)
shall include funding for research and development activities related
to the purpose described in subsection (b), such as--
``(1) development of technologies to use distributed energy
resources, such as solar photovoltaics, energy storage systems,
electric vehicles, and microgrids, to improve grid and critical
end-user resilience;
``(2) analysis of non-technical barriers to greater
integration and use of technologies on the distribution grid;
``(3) analysis of past large-area, long-duration
electricity interruptions to identify common elements and best
practices for electricity restoration, mitigation, and
prevention of future disruptions;
``(4) development of--
``(A) advanced monitoring, analytics, operation,
and controls of electric grid systems to improve
electric grid resilience; and
``(B) independent verification and validation
methodologies, in coordination with the National
Institute of Standards and Technology, to address the
potential cybersecurity vulnerabilities of the
technologies identified in subparagraph (A) of this
paragraph;
``(5) analysis of technologies, methods, and concepts that
can improve community resilience and survivability of frequent
or long-duration power outages;
``(6) development of methodologies to maintain
cybersecurity during restoration of energy sector
infrastructure and operation;
``(7) development of advanced power flow control systems
and components to improve electric grid resilience; and
``(8) any other relevant activities determined by the
Secretary.
``(f) Technical Assistance.--
``(1) In general.--The Secretary shall provide technical
assistance to eligible entities for the commercial application
of technologies to improve the resilience of the electric grid
and commercial application of technologies to help entities
develop plans for preventing and recovering from various power
outage scenarios at the local, regional, and State level.
``(2) Technical assistance program.--The commercial
application technical assistance program established in
paragraph (1) shall include assistance to eligible entities
for--
``(A) the commercial application of technologies
developed from the grant program established in
subsection (b), including cooperative utilities and
utilities owned by a political subdivision of a State,
such as municipally owned electric utilities;
``(B) the development of methods to strengthen or
otherwise mitigate adverse impacts on electric grid
infrastructure against natural hazards;
``(C) the use of Department data and modeling tools
for various purposes;
``(D) a resource assessment and analysis of future
demand and distribution requirements, including
development of advanced grid architectures and risk
analysis;
``(E) the development of tools and technologies to
coordinate data across relevant entities to promote
resilience and wildfire prevention in the planning,
design, construction, operation, and maintenance of
transmission infrastructure;
``(F) analysis to predict the likelihood of extreme
weather events to inform the planning, design,
construction, operation, and maintenance of
transmission infrastructure in consultation with the
National Oceanic and Atmospheric Administration; and
``(G) the commercial application of relevant
technologies, such as distributed energy resources,
microgrids, or other energy technologies, to establish
backup power for users or facilities affected by
emergency power shutoffs.
``(3) Eligible entities.--The entities eligible to receive
technical assistance for commercial application of technologies
under this subsection include--
``(A) representatives of all sectors of the
electric power industry, including electric utilities,
trade organizations, and transmission and distribution
system organizations, owners, and operators;
``(B) State and local governments and regulatory
authorities, including public utility commissions;
``(C) tribal and Alaska Native governmental
entities;
``(D) partnerships among entities under
subparagraphs (A) through (C);
``(E) regional partnerships; and
``(F) any other entities the Secretary deems
appropriate.
``(4) Authority.--Nothing in this subsection shall
authorize the Secretary to require any entity to adopt any
model, tool, technology, plan, analysis, or assessment.
``SEC. 8015. BEST PRACTICES AND GUIDANCE DOCUMENTS FOR ENERGY SECTOR
CYBERSECURITY RESEARCH.
``(a) In General.--The Secretary, in coordination with appropriate
Federal agencies, the Electricity Subsector Coordinating Council,
standards development organizations, State, tribal, local, and
territorial governments, the private sector, public utility
commissions, and other relevant stakeholders, shall coordinate the
development of guidance documents for research, development, and
demonstration activities to improve the cybersecurity capabilities of
the energy sector through participating agencies. As part of these
activities, the Secretary, in consultation with relevant Federal
agencies, shall--
``(1) facilitate stakeholder involvement to update--
``(A) the Roadmap to Achieve Energy Delivery
Systems Cybersecurity;
``(B) the Cybersecurity Procurement Language for
Energy Delivery Systems, including developing guidance
for--
``(i) contracting with third parties to
conduct vulnerability testing for information
systems used across the energy production,
delivery, storage, and end use systems;
``(ii) contracting with third parties that
utilize transient devices to access information
systems; and
``(iii) managing supply chain risks; and
``(C) the Electricity Subsector Cybersecurity
Capability Maturity Model, including the development of
metrics to measure changes in cybersecurity readiness;
and
``(2) develop voluntary guidance to improve digital
forensic analysis capabilities, including--
``(A) developing standardized terminology and
monitoring processes; and
``(B) utilizing human factors research to develop
more effective procedures for logging incident events;
and
``(3) work with the National Science Foundation, Department
of Homeland Security, and stakeholders to develop a mechanism
to anonymize, aggregate, and share the testing results from
cybersecurity test beds to facilitate technology improvements
by public and private sector researchers.
``(b) Best Practices.--The Secretary, in collaboration with the
Director of the National Institute of Standards and Technology, the
Director of the Cybersecurity and Infrastructure Security Agency, and
other appropriate Federal agencies, shall convene relevant stakeholders
and facilitate the development of--
``(1) consensus-based best practices to improve
cybersecurity for--
``(A) emerging energy technologies;
``(B) distributed generation and storage
technologies, and other distributed energy resources;
``(C) electric vehicles and electric vehicle
charging stations; and
``(D) other technologies and devices that connect
to the electric grid;
``(2) recommended cybersecurity designs and technical
requirements that can be used by the private sector to design
and build interoperable cybersecurity features into
technologies that connect to the electric grid, including
networked devices and components on distribution systems; and
``(3) technical analysis that can be used by the private
sector in developing best practices for test beds and test bed
methodologies that will enable reproducible testing of
cybersecurity protections for information systems, electronic
devices, and other relevant components, software, and hardware
across test beds.
``(c) Regulatory Authority.--None of the activities authorized in
this section shall be construed to authorize regulatory actions.
Additionally, the voluntary standards developed under this section
shall not duplicate or conflict with mandatory reliability standards.
``SEC. 8016. VULNERABILITY TESTING AND TECHNICAL ASSISTANCE TO IMPROVE
CYBERSECURITY.
``The Secretary shall--
``(1) coordinate with appropriate Federal agencies and
energy sector asset owners and operators, leveraging the
research facilities and expertise of the National Laboratories,
to assist entities in developing testing capabilities by--
``(A) utilizing a range of methods to identify
vulnerabilities in physical and cyber systems;
``(B) developing cybersecurity risk assessment
tools and providing analyses and recommendations to
participating stakeholders; and
``(C) working with appropriate Federal agencies and
stakeholders to develop methods to share anonymized and
aggregated test results to assist relevant stakeholders
in the energy sector, researchers, and the private
sector to advance cybersecurity efforts, technologies,
and tools;
``(2) collaborate with relevant stakeholders, including
public utility commissions, to--
``(A) identify information, research, staff
training, and analytical tools needed to evaluate
cybersecurity issues and challenges in the energy
sector; and
``(B) facilitate the sharing of information and the
development of tools identified under subparagraph (A);
``(3) coordinate with tribal governments to identify
information, research, and analysis tools needed by tribal
governments to increase the cybersecurity of energy assets
within their jurisdiction.
``SEC. 8017. CYBERSECURITY EDUCATION AND WORKFORCE TRAINING RESEARCH
AND STANDARDS.
``(a) In General.--The Secretary shall support the development of a
cybersecurity workforce through a program that--
``(1) facilitates collaboration between undergraduate and
graduate students, researchers at the National Laboratories,
and the private sector;
``(2) prioritizes science and technology in areas relevant
to the mission of the Department of Energy through the design
and application of cybersecurity technologies for the energy
sector;
``(3) develops, or facilitates private sector development
of, voluntary cybersecurity training and retraining standards,
lessons, and recommendations for the energy sector that
minimize duplication of cybersecurity compliance training
programs; and
``(4) maintains a public database of energy sector
cybersecurity education, training, and certification programs.
``(b) Grid Resilience Technology Training.--The Secretary shall
support the development of the grid workforce through a training
program that prioritizes activities that enhance the resilience of the
electric grid and energy sector infrastructure, including training on
the use of tools, technologies, and methods developed under the grant
program established in section 1311(b).
``(c) Collaboration.--In carrying out the program authorized in
subsection (a) and (b), the Secretary shall coordinate with appropriate
Federal agencies and leverage programs and activities carried out
across the Department of Energy, other relevant Federal agencies,
institutions of higher education, and other appropriate entities best
suited to provide national leadership on cybersecurity and grid
resilience-related issues.
``SEC. 8018. INTERAGENCY COORDINATION AND STRATEGIC PLAN FOR ENERGY
SECTOR CYBERSECURITY RESEARCH.
``(a) Duties.--The Secretary, in coordination with appropriate
Federal agencies and the Energy Sector Government Coordinating Council,
shall--
``(1) review the most recent versions of the Roadmap to
Achieve Energy Delivery Systems Cybersecurity and the Multi-
Year Program Plan for Energy Sector Cybersecurity to identify
crosscutting energy sector cybersecurity research needs and
opportunities for collaboration among Federal agencies and
other relevant stakeholders;
``(2) identify interdisciplinary research, technology, and
tools that can be applied to cybersecurity challenges in the
energy sector;
``(3) identify technology transfer opportunities to
accelerate the development and commercial application of novel
cybersecurity technologies, systems, and processes in the
energy sector; and
``(4) develop a coordinated Interagency Strategic Plan for
research to advance cybersecurity capabilities used in the
energy sector that builds on the Roadmap to Achieve Energy
Delivery Systems in Cybersecurity and the Multi-Year Program
Plan for Energy Sector Cybersecurity.
``(b) Interagency Strategic Plan.--
``(1) Submittal.--The Interagency Strategic Plan developed
under subsection (a)(4) shall be submitted to Congress and made
public within 12 months after the date of enactment of the Grid
Security Research and Development Act.
``(2) Contents.--The Interagency Strategic Plan shall
include--
``(A) an analysis of how existing cybersecurity
research efforts across the Federal Government are
advancing the goals of the Roadmap to Achieve Energy
Delivery Systems Cybersecurity and the Multi-Year
Program Plan for Energy Sector Cybersecurity;
``(B) recommendations for research areas that may
advance the cybersecurity of the energy sector;
``(C) an overview of existing and proposed public
and private sector research efforts that address the
topics outlined in paragraph (3); and
``(D) an overview of needed support for workforce
training in cybersecurity for the energy sector.
``(3) Considerations.--In developing the Interagency
Strategic Plan, the Secretary, in coordination with appropriate
Federal agencies and the Energy Sector Government Coordinating
Council, shall consider--
``(A) opportunities for human factors research to
improve the design and effectiveness of cybersecurity
devices, technologies, tools, processes, and training
programs;
``(B) contributions of other disciplines to the
development of innovative cybersecurity procedures,
devices, components, technologies, and tools;
``(C) opportunities for technology transfer
programs to facilitate private sector development of
cybersecurity procedures, devices, components,
technologies, and tools for the energy sector;
``(D) broader applications of the work done by
relevant Federal agencies to advance the cybersecurity
of information systems and data analytics systems for
the energy sector; and
``(E) activities called for in the Federal
cybersecurity research and development strategic plan
required by section 201(a)(1) of the Cybersecurity
Enhancement Act of 2014 (15 U.S.C. 7431(a)(1)).
``(c) Participation.--For the purposes of carrying out this
section, the Energy Sector Government Coordinating Council shall
include representatives from Federal agencies with expertise in the
energy sector, information systems, data analytics, cyber and physical
systems, engineering, human factors research, human-machine interfaces,
high performance computing, big data and data analytics, or other
disciplines considered appropriate by the Council Chair.
``SEC. 8019. REPORT TO CONGRESS.
``(a) Study.--The Secretary, in collaboration with the National
Institute of Standards and Technology, other Federal agencies, and
energy sector stakeholders, in order to provide recommendations for
additional research, development, demonstration, and commercial
application activities, shall--
``(1) analyze physical and cyber attacks on energy sector
infrastructure and information systems and identify cost-
effective opportunities to improve physical and cybersecurity;
and
``(2) examine the risks associated with increasing
penetration of digital technologies in grid networks,
particularly on the distribution grid.
``(b) Content.--The study shall--
``(1) analyze processes, operational procedures, and other
factors common among cyber attacks;
``(2) identify areas where human behavior plays a critical
role in maintaining or compromising the security of a system;
``(3) recommend--
``(A) changes to the design of devices, human-
machine interfaces, technologies, tools, processes, or
procedures to optimize security that do not require a
change in human behavior; and
``(B) training techniques to increase the capacity
of employees to actively identify, prevent, or
neutralize the impact of cyber attacks;
``(4) evaluate existing engineering and technical design
criteria and guidelines that incorporate human factors research
findings, and recommend criteria and guidelines for
cybersecurity tools that can be used to develop display systems
for cybersecurity monitoring, such as alarms, user-friendly
displays, and layouts;
``(5) evaluate the cybersecurity risks and benefits of
various design and architecture options for energy sector
systems, networked grid systems and components, and automation
systems, including consideration of--
``(A) designs that include both digital and analog
control devices and technologies;
``(B) different communication technologies used to
transfer information and data between control system
devices, technologies, and system operators;
``(C) automated and human-in-the-loop devices and
technologies;
``(D) programmable versus nonprogrammable devices
and technologies;
``(E) increased redundancy using dissimilar
cybersecurity technologies; and
``(F) grid architectures that use autonomous
functions to limit control vulnerabilities; and
``(6) recommend methods or metrics to document changes in
risks associated with system designs and architectures.
``(c) Consultation.--In conducting the study, the Secretary shall
consult with energy sector stakeholders, academic researchers, the
private sector, and other relevant stakeholders.
``(d) Report.--Not later than 24 months after the date of enactment
of the Grid Security Research and Development Act, the Secretary shall
submit the study to the Committee on Science, Space, and Technology of
the House of Representatives and the Committee on Energy and Natural
Resources of the Senate.
``SEC. 8020. CRITICAL INFRASTRUCTURE RESEARCH AND CONSTRUCTION.
``(a) In General.--The Secretary shall carry out a program of
research, development, and demonstration of technologies and tools to
help ensure the resilience and security of critical integrated grid
infrastructures.
``(b) Critical Infrastructure Defined.--In this section, the term
`critical infrastructure' means infrastructure that the Secretary
determines to be vital to socioeconomic activities such that, if
destroyed or damaged, such destruction or damage could cause
substantial disruption to such socioeconomic activities.
``(c) Coordination.--In carrying out the program under subsection
(a), the Secretary shall leverage expertise and resources of and
facilitate collaboration and coordination between--
``(1) relevant programs and activities across the
Department;
``(2) the Department of Defense; and
``(3) the Department of Homeland Security.
``(d) Energy Sector Critical Infrastructure Test Facility.--In
carrying out the program under subsection (a), the Secretary, in
consultation with other appropriate Federal agencies, shall establish
and operate an Energy Sector Critical Infrastructure Test Facility
(referred to in this section as the `Test Facility') that allows for
scalable physical and cyber performance testing to be conducted on
industry-scale energy sector critical infrastructure systems. This
facility shall include a focus on--
``(1) cybersecurity test beds; and
``(2) electric grid test beds.
``(e) Selection.--The Secretary shall select the Test Facility
under this section on a competitive, merit-reviewed basis. The
Secretary shall consider applications from National Laboratories,
institutions of higher education, multi-institutional collaborations,
and other appropriate entities.
``(f) Duration.--The Test Facility established under this section
shall receive support for a period of not more than 5 years, subject to
the availability of appropriations.
``(g) Renewal.--Upon the expiration of any period of support of the
Test Facility, the Secretary may renew support for the Test Facility,
on a merit-reviewed basis, for a period of not more than 5 years.
``(h) Termination.--Consistent with the existing authorities of the
Department, the Secretary may terminate the Test Facility for cause
during the performance period.
``SEC. 8021. DEFINITIONS.
``In this title:
``(1) Big data.--The term `big data' means datasets that
require advanced analytical methods for their transformation
into useful information.
``(2) Cybersecurity.--The term `cybersecurity' means
protecting an information system or information that is stored
on, processed by, or transiting an information system from a
cybersecurity threat or security vulnerability.
``(3) Cybersecurity threat.--The term `cybersecurity
threat' has the meaning given the term in section 102 of the
Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1501).
``(4) Department.--The term `Department' means the
Department of Energy.
``(5) Electricity subsector coordinating council.--The term
`Electricity Subsector Coordinating Council' means the self-
organized, self-governed council consisting of senior industry
representatives to serve as the principal liaison between the
Federal Government and the electric power sector and to carry
out the role of the Sector Coordinating Council as established
in the National Infrastructure Protection Plan for the
electricity subsector.
``(6) Energy sector government coordinating council.--The
term `Energy Sector Government Coordinating Council' means the
council consisting of representatives from relevant Federal
Government agencies to provide effective coordination of energy
sector efforts to ensure a secure, reliable, and resilient
energy infrastructure and to carry out the role of the
Government Coordinating Council as established in the National
Infrastructure Protection Plan for the energy sector.
``(7) Historically black college or university.--The term
`historically Black college or university' has the meaning
given the term `part B institution' in section 322(2) of the
Higher Education Act of 1965 (29 U.S.C. 106(2)).
``(8) Human factors research.--The term `human factors
research' means research on human performance in social and
physical environments, and on the integration and interaction
of humans with physical systems and computer hardware and
software.
``(9) Human-machine interfaces.--The term `human-machine
interfaces' means technologies that present information to an
operator or user about the state of a process or system, or
accept human instructions to implement an action, including
visualization displays such as a graphical user interface.
``(10) Information system.--The term `information system'--
``(A) has the meaning given the term in section 102
of the Cybersecurity Information Sharing Act of 2015 (6
U.S.C. 1501); and
``(B) includes operational technology, information
technology, and communications.
``(11) Minority-serving institution.--The term `minority-
serving institution' means an eligible institution under
section 371(a) of the Higher Education Act of 1965 (20 U.S.C.
1067q(a)).
``(12) National laboratory.--The term `national laboratory'
has the meaning given the term in section 2 of the Energy
Policy Act of 2005 (42 U.S.C. 15801).
``(13) Secretary.--The term `Secretary' means the Secretary
of Energy.
``(14) Security vulnerability.--The term `security
vulnerability' has the meaning given the term in section 102 of
the Cybersecurity Information Sharing Act of 2015 (6 U.S.C.
1501).
``(15) Transient devices.--The term `transient devices'
means removable media, including floppy disks, compact disks,
USB flash drives, external hard drives, mobile devices, and
other devices that utilize wireless connections.''.
SEC. 4. AUTHORIZATION OF APPROPRIATIONS.
Section 8012 of division Z of the Consolidated Appropriations Act,
2021 (Public Law 116-260) is amended by striking subsection (b)(1) and
inserting the following:
``(1) to carry out sections 8006, 8013, 8014, 8015, 8016,
8017, 8018, 8019, 8020 and the amendments made by sections
8001, 8002, and 8005 of this title--
``(A) $371,000,000 for fiscal year 2022;
``(B) $385,550,000 for fiscal year 2023;
``(C) $400,577,500 for fiscal year 2024;
``(D) $420,606,375 for fiscal year 2025; and
``(E) $441,636,694 for fiscal year 2026.''.
SEC. 5. CONFORMING AMENDMENTS.
(a) Section 101(b) of the division Z of the Consolidated
Appropriations Act, 2021 (Public Law 116-260) is amended in the table
of contents--
(1) in the matter relating to 8013, by striking ``8013''
and inserting ``8022'';
(2) in the matter relating to 8014, by striking ``8014''
and inserting ``8023'';
(3) in the matter relating to 8015, by striking ``8015''
and inserting ``8024'';
(4) by adding after the matter relating to section 8012 the
following:
``Sec. 8013. Energy sector security research, development, and
demonstration program.
``Sec. 8014. Grid resilience and emergency response.
``Sec. 8015. Best practices and guidance documents for energy sector
cybersecurity research.
``Sec. 8016. Vulnerability testing and technical assistance to improve
cybersecurity.
``Sec. 8017. Cybersecurity education and workforce training research
and standards.
``Sec. 8018. Interagency coordination and strategic plan for energy
sector cybersecurity research.
``Sec. 8019. Report to Congress.
``Sec. 8020. Critical infrastructure research and construction.
``Sec. 8021. Definitions.''.
(b) Sections 8013 through 8015 of division Z of the Consolidated
Appropriations Act, 2021 (Public Law 116-260) are redesignated as
sections 8022 through 8024, respectively.
<all>