Text: S.2095 — 116th Congress (2019-2020)All Information (Except Text)

Text available as:

Shown Here:
Reported to Senate (10/24/2019)

Calendar No. 267

116th CONGRESS
1st Session
S. 2095

[Report No. 116–147]


To provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.


IN THE SENATE OF THE UNITED STATES

July 11, 2019

Mr. Gardner (for himself and Mr. Bennet) introduced the following bill; which was read twice and referred to the Committee on Energy and Natural Resources

October 24, 2019

Reported by Ms. Murkowski, without amendment


A BILL

To provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Enhancing Grid Security through Public-Private Partnerships Act”.

SEC. 2. Definitions.

In this Act:

(1) ELECTRIC RELIABILITY ORGANIZATION.—The term “Electric Reliability Organization” has the meaning given the term in section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)).

(2) ELECTRIC UTILITY; STATE REGULATORY AUTHORITY.—The terms “electric utility” and “State regulatory authority” have the meanings given those terms in section 3 of the Federal Power Act (16 U.S.C. 796).

(3) SECRETARY.—The term “Secretary” means the Secretary of Energy.

SEC. 3. Program to promote and advance physical security and cybersecurity of electric utilities.

(a) Establishment.—The Secretary, in consultation with State regulatory authorities, industry stakeholders, the Electric Reliability Organization, and any other Federal agencies that the Secretary determines to be appropriate, shall carry out a program—

(1) to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;

(2) to assist with threat assessment and cybersecurity training for electric utilities;

(3) to provide technical assistance for electric utilities subject to the program;

(4) to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;

(5) to advance the cybersecurity of third-party vendors in partnerships with electric utilities; and

(6) to increase opportunities for sharing best practices and data collection within the electric sector.

(b) Scope.—In carrying out the program under subsection (a), the Secretary shall—

(1) take into consideration—

(A) the different sizes of electric utilities; and

(B) the regions that electric utilities serve;

(2) prioritize electric utilities with fewer available resources due to size or region; and

(3) to the maximum extent practicable, use and leverage—

(A) existing Department of Energy programs; and

(B) existing programs of the Federal agencies determined to be appropriate under subsection (a).

(c) Protection of information.—Information provided to, or collected by, the Federal Government pursuant to this section—

(1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and

(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.

SEC. 4. Report on cybersecurity and distribution systems.

(a) In general.—Not later than 1 year after the date of enactment of this Act, the Secretary, in consultation with State regulatory authorities, industry stakeholders, and any other Federal agencies that the Secretary determines to be appropriate, shall submit to Congress a report that assesses—

(1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems, including behind-the-meter generation, storage, and load management devices, to address threats to, and vulnerabilities of, electricity distribution systems; and

(2) the implementation of the priorities, policies, procedures, and actions assessed under paragraph (1), including—

(A) an estimate of potential costs and benefits of the implementation; and

(B) an assessment of any public-private cost-sharing opportunities.

(b) Protection of information.—Information provided to, or collected by, the Federal Government under this section—

(1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and

(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.


Calendar No. 267

116th CONGRESS
     1st Session
S. 2095
[Report No. 116–147]

A BILL
To provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes.

October 24, 2019
Reported without amendment
Share This