[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 914 Reported in Senate (RS)]
<DOC>
Calendar No. 580
118th CONGRESS
2d Session
S. 914
To establish an energy threat analysis center in the Department of
Energy.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
March 22, 2023
Mr. Risch (for himself and Mr. Manchin) introduced the following bill;
which was read twice and referred to the Committee on Energy and
Natural Resources
November 21, 2024
Reported by Mr. Manchin, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To establish an energy threat analysis center in the Department of
Energy.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``Energy Threat Analysis
Center Establishment Act of 2023'' or the ``ETAC Establishment Act of
2023''.</DELETED>
<DELETED>SEC. 2. ENERGY THREAT ANALYSIS CENTER.</DELETED>
<DELETED> (a) Establishment.--As part of the program developed under
section 40125(c) of the Infrastructure Investment and Jobs Act (42
U.S.C. 18724(c)), there is established in the Department of Energy an
energy threat analysis center (referred to in this Act as the
``Center'')--</DELETED>
<DELETED> (1) to enhance situational awareness of threats to
the security of the energy sector;</DELETED>
<DELETED> (2) to analyze threats against the security of the
energy sector;</DELETED>
<DELETED> (3) to identify relevant security threat
mitigation measures for energy systems; and</DELETED>
<DELETED> (4) to support relevant response and restoration
activities for the energy sector under existing
constructs.</DELETED>
<DELETED> (b) Functions.--The functions of the Center shall
include--</DELETED>
<DELETED> (1) establishing an operational collaborative
environment, physical and virtual, for the government and
industry--</DELETED>
<DELETED> (A) to develop actionable operational
information relating to threats to the security of the
energy sector; and</DELETED>
<DELETED> (B) to develop and offer meaningful threat
mitigation advice and actions to enhance--</DELETED>
<DELETED> (i) the defense of, and response
to security threats to, the energy sector;
and</DELETED>
<DELETED> (ii) the resilience of the United
States energy sector;</DELETED>
<DELETED> (2) enabling an exchange of information on threat
activity among government and industry to address energy
security and resilience and shared energy sector security
threats relating to national security, public health, safety,
and the economy;</DELETED>
<DELETED> (3) improving detailed understanding of national
security risks associated with the energy sector that are or
could be exploited by adversaries, including nation-
states;</DELETED>
<DELETED> (4) achieving a deeper understanding of the
tactics, capabilities, and activities of threat actors that
have the potential to impact systemic risks to the energy
sector; and</DELETED>
<DELETED> (5) facilitating increased information sharing
between government and industry of actual acute threat
activity, including incidents, in a secure setting, physical
and virtual, to facilitate the energy security and resilience
of the United States.</DELETED>
<DELETED> (c) Coordination and Integration.--In carrying out the
responsibilities of the Center, the Center shall--</DELETED>
<DELETED> (1) coordinate with--</DELETED>
<DELETED> (A) the Department of Homeland Security,
including the Cybersecurity and Infrastructure Security
Agency;</DELETED>
<DELETED> (B) the Department of Defense, including
United States Cyber Command, the National Security
Agency, and the Army Interagency Training and Education
Center of the National Guard Bureau;</DELETED>
<DELETED> (C) the Department of Justice, including
the Federal Bureau of Investigation;</DELETED>
<DELETED> (D) the Office of the Director of National
Intelligence; and</DELETED>
<DELETED> (E) other Federal agencies and
departments, as determined by the Secretary of
Energy;</DELETED>
<DELETED> (2) ensure that the processes used by the Center
are performed in collaboration with the activities of the
Department of Homeland Security and the Department of Defense
relating to cybersecurity, including--</DELETED>
<DELETED> (A) the Joint Cyber Defense Collaborative
of the Cybersecurity and Infrastructure Security
Agency; and</DELETED>
<DELETED> (B) the Cybersecurity Collaboration Center
and Enduring Security Framework of the National
Security Agency;</DELETED>
<DELETED> (3) regularly consult with appropriate
representatives of non-Federal entities, such as--</DELETED>
<DELETED> (A) State, local, federally-recognized
Tribal, and territorial governments;</DELETED>
<DELETED> (B) information sharing and analysis
organizations, including information sharing and
analysis centers such as the Electricity Information
Sharing and Analysis Center operated by the North
American Electric Reliability Corporation;</DELETED>
<DELETED> (C) owners and operators of energy sector
infrastructure; and</DELETED>
<DELETED> (D) other appropriate representatives or
entities, including private entities, such as
manufacturers and vendors, that contribute to the
energy sector, as determined by the Secretary of
Energy;</DELETED>
<DELETED> (4) leverage the capabilities and services of
advanced technology providers, including--</DELETED>
<DELETED> (A) National Laboratories (as defined in
section 2 of the Energy Policy Act of 2005 (42 U.S.C.
15801)) with relevant capabilities;</DELETED>
<DELETED> (B) commercial threat intelligence
production entities; and</DELETED>
<DELETED> (C) energy infrastructure vendors and
integrators; and</DELETED>
<DELETED> (5) as appropriate, protect information submitted
to and shared by the Center consistent with applicable laws and
regulations.</DELETED>
<DELETED> (d) No Right or Benefit.--</DELETED>
<DELETED> (1) In general.--The provision of assistance or
information to governmental or private entities under this
section shall be at the sole and unreviewable discretion of the
Secretary of Energy.</DELETED>
<DELETED> (2) Certain assistance or information.--The
provision of certain assistance or information to a
governmental or private entity pursuant to this section shall
not create a right or benefit, substantive or procedural, for
any other governmental or private entity to similar assistance
or information.</DELETED>
<DELETED> (e) Entities of Concern.--No entity of concern (as defined
in section 10114(a) of the Research and Development, Competition, and
Innovation Act (Public Law 117-167)) shall participate in any manner in
carrying out the functions of the Center.</DELETED>
<DELETED> (f) Nonapplicability of FACA.--The Center shall be exempt
from complying with the requirements of chapter 10 of title 5, United
States Code (including regulations).</DELETED>
<DELETED> (g) Sunset.--The effectiveness of this section shall
terminate on the date that is 10 years after the date of enactment of
this Act.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Energy Threat Analysis Program Act
of 2024'' or the ``ETAP Act of 2024''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Department.--The term ``Department'' means the
Department of Energy.
(2) Program.--The term ``Program'' means the energy threat
analysis program established under section 3.
(3) Secretary.--The term ``Secretary'' means the Secretary
of Energy.
SEC. 3. ENERGY THREAT ANALYSIS PROGRAM.
(a) In General.--As part of the program developed under section
40125(c) of the Infrastructure Investment and Jobs Act (42 U.S.C.
18724(c)), the Secretary shall establish an energy threat analysis
program--
(1) to facilitate the establishment of 1 or more
operational collaboration facilities, known collectively as the
Energy Threat Analysis Center, and facilitate public-private
operational collaboration within those facilities;
(2) to enhance situational awareness of threats to the
security of the energy sector;
(3) to analyze threats against the security of the energy
sector;
(4) to identify relevant security threat mitigation
measures for energy systems;
(5) to support relevant response and restoration activities
for the energy sector under existing constructs;
(6) to inform research and development activities in
support of the security of critical energy systems,
technologies, and components;
(7) to conduct other security and resilience efforts
identified by the Secretary;
(8) to enhance and periodically test the emergency response
capabilities of the Department;
(9) to expand cooperation of the Department with the
intelligence community for energy sector-related threat
collection and analysis;
(10) to enhance the tools of the Department and the
Electricity Information Sharing and Analysis Center for
monitoring the status of the energy sector; and
(11) to expand industry participation in the Electricity
Information Sharing and Analysis Center.
(b) Administration.--The Program shall be--
(1) directed by the Secretary;
(2) managed by the Office of Cybersecurity, Energy
Security, and Emergency Response; and
(3) supported by the Office of Intelligence and
Counterintelligence.
(c) Functions.--The functions of the Program shall include--
(1) supporting public-private operational collaboration for
the government and industry--
(A) to develop actionable operational information
relating to threats to the security of the energy
sector; and
(B) to develop and offer meaningful threat
mitigation advice and actions to enhance--
(i) the defense of, and response to
security threats to, the energy sector; and
(ii) the resilience of the United States
energy sector;
(2) enabling collaboration in the production and exchange
of information on threat activity among government and industry
to address energy security and resilience and shared energy
sector security threats relating to national security, public
health, safety, and the economy;
(3) improving detailed understanding of national security
risks associated with the energy sector that are or could be
exploited by adversaries, including nation-states;
(4) achieving a deeper understanding of the tactics,
capabilities, and activities of threat actors that have the
potential to impact systemic risks to the energy sector; and
(5) facilitating increased collaboration between government
and industry, including the sharing of information regarding
actual acute threat activity, including incidents, in a secure
setting, physical and virtual, to facilitate the energy
security and resilience of the United States.
(d) Coordination and Integration.--In carrying out the
responsibilities of the Program, the Program shall--
(1) align priorities of and enable support from--
(A) the Department of Homeland Security, including
the Cybersecurity and Infrastructure Security Agency;
(B) the Department of Defense, including United
States Cyber Command, the National Security Agency, and
the Army Interagency Training and Education Center of
the National Guard Bureau;
(C) the Department of Justice, including the
Federal Bureau of Investigation;
(D) the Office of the Director of National
Intelligence; and
(E) other Federal agencies and departments, as
determined by the Secretary;
(2) ensure that the processes used by the Program are
performed in collaboration with the activities of the
Department of Homeland Security and the Department of Defense
relating to cybersecurity, including--
(A) the Joint Cyber Defense Collaborative of the
Cybersecurity and Infrastructure Security Agency; and
(B) the Cybersecurity Collaboration Center and
Enduring Security Framework of the National Security
Agency;
(3) regularly consult with appropriate representatives of
non-Federal entities, such as--
(A) State, local, federally-recognized Tribal, and
territorial governments;
(B) information sharing and analysis organizations,
including information sharing and analysis centers such
as the Electricity Information Sharing and Analysis
Center; and
(C) other appropriate representatives or entities,
including private entities, such as manufacturers and
vendors, that contribute to the energy sector, as
determined by the Secretary;
(4) leverage the existing capabilities and services of
advanced technology providers, including--
(A) National Laboratories with relevant
capabilities;
(B) commercial threat intelligence production and
cyber incident response entities; and
(C) energy infrastructure vendors and integrators;
and
(5) as appropriate, protect information submitted to and
shared by the Program consistent with applicable laws,
regulations, policies, and procedures.
(e) No Right or Benefit.--
(1) In general.--The provision of assistance or information
to governmental or private entities under this section shall be
at the sole and unreviewable discretion of the Secretary.
(2) Certain assistance or information.--The provision of
certain assistance or information to a governmental or private
entity pursuant to this section shall not create a right or
benefit, substantive or procedural, for any other governmental
or private entity to similar assistance or information.
(f) Entities of Concern.--No entity of concern (as defined in
section 10114(a) of the Research and Development, Competition, and
Innovation Act (42 U.S.C. 18912(a))) shall participate in any manner in
carrying out the functions of the Program.
(g) Termination.--The Program shall terminate on the date that is
10 years after the date of enactment of this Act.
(h) Nonapplicability of FACA.--The Program shall be exempt from
complying with the requirements of chapter 10 of title 5, United States
Code (including regulations).
(i) Exemption From Disclosure.--Information shared by or with the
Federal Government or a State, Tribal, or local government under this
Act shall be--
(1) deemed to be voluntarily shared information;
(2) exempt from disclosure under section 552 of title 5,
United States Code, or any provision of any State, Tribal, or
local freedom of information law, open government law, open
meetings law, open records law, sunshine law, or similar law
requiring the disclosure of information or records; and
(3) withheld from the public, without discretion, under
section 552(b)(3) of title 5, United States Code, or any
provision of any State, Tribal, or local law requiring the
nondisclosure of sensitive information or records.
(j) Report.--The Secretary shall submit to Congress an annual
report that describes, for the year covered by the report--
(1) the achievements of the Program; and
(2) areas for improvement with respect to the activities
and operations of the Program.
(k) Authorization of Appropriations.--There is authorized to be
appropriated to the Secretary to carry out section 40125(c)(2) of the
Infrastructure Investment and Jobs Act (42 U.S.C. 18724(c)(2))
$50,000,000 for the period of fiscal years 2025 through 2029.
Calendar No. 580
118th CONGRESS
2d Session
S. 914
_______________________________________________________________________
A BILL
To establish an energy threat analysis center in the Department of
Energy.
_______________________________________________________________________
November 21, 2024
Reported with an amendment