S.2095 - Enhancing Grid Security through Public-Private Partnerships Act116th Congress (2019-2020)

Calendar No. 267

[Report No. 116–147]

To provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.

To provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

SEC. 2. Definitions.

(1) ELECTRIC RELIABILITY ORGANIZATION.—The term “Electric Reliability Organization” has the meaning given the term in section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)).

(2) ELECTRIC UTILITY; STATE REGULATORY AUTHORITY.—The terms “electric utility” and “State regulatory authority” have the meanings given those terms in section 3 of the Federal Power Act (16 U.S.C. 796).

(3) SECRETARY.—The term “Secretary” means the Secretary of Energy.

SEC. 3. Program to promote and advance physical security and cybersecurity of electric utilities.

(a) Establishment.—The Secretary, in consultation with State regulatory authorities, industry stakeholders, the Electric Reliability Organization, and any other Federal agencies that the Secretary determines to be appropriate, shall carry out a program—

(1) to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;

(2) to assist with threat assessment and cybersecurity training for electric utilities;

(3) to provide technical assistance for electric utilities subject to the program;

(4) to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;

(5) to advance the cybersecurity of third-party vendors in partnerships with electric utilities; and

(6) to increase opportunities for sharing best practices and data collection within the electric sector.

(b) Scope.—In carrying out the program under subsection (a), the Secretary shall—

(1) take into consideration—

(A) the different sizes of electric utilities; and

(B) the regions that electric utilities serve;

(2) prioritize electric utilities with fewer available resources due to size or region; and

(3) to the maximum extent practicable, use and leverage—

(A) existing Department of Energy programs; and

(B) existing programs of the Federal agencies determined to be appropriate under subsection (a).

(c) Protection of information.—Information provided to, or collected by, the Federal Government pursuant to this section—

(1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and

(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.

SEC. 4. Report on cybersecurity and distribution systems.

(a) In general.—Not later than 1 year after the date of enactment of this Act, the Secretary, in consultation with State regulatory authorities, industry stakeholders, and any other Federal agencies that the Secretary determines to be appropriate, shall submit to Congress a report that assesses—

(1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems, including behind-the-meter generation, storage, and load management devices, to address threats to, and vulnerabilities of, electricity distribution systems; and

(2) the implementation of the priorities, policies, procedures, and actions assessed under paragraph (1), including—

(A) an estimate of potential costs and benefits of the implementation; and

(B) an assessment of any public-private cost-sharing opportunities.

(b) Protection of information.—Information provided to, or collected by, the Federal Government under this section—

(1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and

(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.