September 29, 2020 - Issue: Vol. 166, No. 169 — Daily Edition116th Congress (2019 - 2020) - 2nd Session
All in House sectionPrev12 of 99Next
CYBER SENSE ACT OF 2020; Congressional Record Vol. 166, No. 169
(House of Representatives - September 29, 2020)
Text available as:
Formatting necessary for an accurate reading of this text may be shown by tags (e.g., <DELETED> or <BOLD>) or may be missing from this TXT display. For complete and accurate display of this text, see the PDF.
[Pages H4968-H4969] From the Congressional Record Online through the Government Publishing Office [www.gpo.gov] CYBER SENSE ACT OF 2020 Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 360) to require the Secretary of Energy to establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system, and for other purposes, as amended. The Clerk read the title of the bill. The text of the bill is as follows: H.R. 360 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Cyber Sense Act of 2020''. SEC. 2. CYBER SENSE. (a) In General.--The Secretary of Energy, in coordination with relevant Federal agencies, shall establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system, as defined in section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)). (b) Program Requirements.--In carrying out subsection (a), the Secretary of Energy shall-- (1) establish a testing process under the Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system, including products relating to industrial control systems and operational technologies, such as supervisory control and data acquisition systems; (2) for products and technologies tested under the Cyber Sense program, establish and maintain cybersecurity vulnerability reporting processes and a related database; (3) provide technical assistance to electric utilities, product manufacturers, and other electricity sector stakeholders to develop solutions to mitigate identified cybersecurity vulnerabilities in products and technologies tested under the Cyber Sense program; (4) biennially review products and technologies tested under the Cyber Sense program for cybersecurity vulnerabilities and provide analysis with respect to how such products and technologies respond to and mitigate cyber threats; (5) develop guidance, that is informed by analysis and testing results under the Cyber Sense program, for electric utilities for procurement of products and technologies; (6) provide reasonable notice to the public, and solicit comments from the public, prior to establishing or revising the testing process under the Cyber Sense program; (7) oversee testing of products and technologies under the Cyber Sense program; and (8) consider incentives to encourage the use of analysis and results of testing under the Cyber Sense program in the design of products and technologies for use in the bulk-power system. (c) Disclosure of Information.--Any cybersecurity vulnerability reported pursuant to a process established under subsection (b)(2), the disclosure of which the Secretary of Energy reasonably foresees would cause harm to critical electric infrastructure (as defined in section 215A of the Federal Power Act), shall be deemed to be critical electric infrastructure information for purposes of section 215A(d) of the Federal Power Act. (d) Federal Government Liability.--Nothing in this section shall be construed to authorize the commencement of an action against the United States Government with respect to the testing of a product or technology under the Cyber Sense program. The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New Jersey (Mr. Pallone) and the gentleman from Oregon (Mr. Walden) each will control 20 minutes. The Chair recognizes the gentleman from New Jersey. General Leave Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members may have 5 legislative days in which to revise and extend their remarks and include extraneous material on H.R. 360. The SPEAKER pro tempore. Is there objection to the request of the gentleman from New Jersey? There was no objection. Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, I rise in support of H.R. 360, the Cyber Sense Act of 2020. Grid security is a national security issue and one that is clearly and properly delegated under law to the Secretary of Energy to manage together with the industry. We must give the electric sector the tools and technologies necessary to protect our grid from malicious harm. Fortunately, there has not yet been a broad cyberattack that has taken down large parts of the grid in the United States, but we must not let our guard down. H.R. 360 gives the Department of Energy important and new authorities to facilitate more secure technologies and equipment in our Nation's grid. It also now requires the Secretary to coordinate with the Department of Homeland Security and other relevant Federal agencies in order to ensure smooth and seamless implementation across the Federal Government. This bill requires the Department of Energy to set up a voluntary Cyber Sense program to identify cyber-secure products that could be used in the bulk-power system. This program would also provide technical assistance to electric utilities and product manufacturers to assist them in developing solutions to mitigate cyber vulnerabilities in the grid. I thank my colleagues, Representative McNerney and Representative Latta, for their hard work on this critical issue. Their partnership and bipartisan leadership on cybersecurity matters continues to benefit us all. Mr. Speaker, I urge my colleagues to support this important bill, and I reserve the balance of my time. Mr. WALDEN. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, H.R. 360, the Cyber Sense Act, was authored and introduced by my Energy and Commerce Committee colleagues, Mr. Latta and Mr. McNerney. The bill was reported unanimously from the Energy and Commerce Committee to improve the cybersecurity of the supply chains for the components of our Nation's electricity infrastructure. To ensure the security of our Nation's electricity grid means we must ensure bulk-power system components and technologies are not vulnerable to cyber threats and attacks. This is especially important, given the threats our nation-state adversaries pose to the bulk-power and electric systems, as indicated by the President's May 1, 2020, executive order giving the Department of Energy authority to take action to protect the bulk-power system. This bill would help that effort. H.R. 360 would establish a voluntary Department of Energy program that identifies and promotes cyber-secure products intended for use in the bulk-power system, including products related to industrial control systems. The bill would authorize the Department of Energy to provide technical assistance to electric utilities, product manufacturers, and other electricity sector stakeholders to help mitigate identified cybersecurity vulnerabilities. The bill also was amended to make clear these efforts of the Department of Energy would include, as appropriate, other relevant Federal agencies like the Department of Homeland Security. Mr. Speaker, a vote for H.R. 360 is a vote for providing an important new tool to electric utility supply chains from cybersecurity threats. I urge support of the legislation, and I reserve the balance of my time. Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the gentleman from California (Mr. McNerney). Mr. McNERNEY. Mr. Speaker, for lawmakers to encourage and enable innovative advancements that can improve the security and reliability of our Nation's energy grid, we must work on a bipartisan basis, as the bills under consideration show. Fortunately, the modernization and innovation of our Nation's energy infrastructure is already under way. What was once a one-way delivery system has evolved into a dynamic network where information and energy flow both ways. Technological advancements are also born from the need to secure the energy grid against potential physical and cyber threats. For example, the technology allowing for the rerouting of power and quick response in the event of attacks is being deployed across the grid. The cooperation among Federal, State, and local governments is essential to protecting Americans and our [[Page H4969]] Nation's infrastructure. Given today's cyber environment, it is more important than ever that Congress pursue policies that continue to foster these exciting developments and support our grid infrastructure. This bill, the Cyber Sense Act of 2019, makes important headway in protecting our critical grid infrastructure. The Cyber Sense Act would create a voluntary program through the Department of Energy to identify cyber-secure products intended for use in the bulk-power grid through a testing and verification program. The bill also establishes a testing process for products, along with a reporting process for cyber vulnerabilities. It would require the Secretary of Energy to keep a related database on the products which will aid electric utilities that are evaluating products and their potential to cause harm to the electric grid. The bulk-power system supports American industry and provides all the benefits of reliable electric power to the American people. However, the increasing frequency of cyberattacks on industrial control systems of critical infrastructure importance continues to be a concern to the electric power sector. As the grid is modernized and the digital advantages afforded by internet connectivity are adopted, it is essential that we ensure these systems are as secure as possible. Any vulnerable component in the grid is a threat to our security, and this bill will go a long way to strengthening our system. I thank my colleague, Mr. Latta, for his partnership in our efforts as co-chairs of the Grid Innovation Caucus, and I look forward to continuing to work with him and others to ensure a more secure and resilient grid. Mr. Speaker, I urge my fellow Members to support this bill. Mr. WALDEN. Mr. Speaker, I yield such time as he may consume to the gentleman from Ohio (Mr. Latta), the coauthor of this bill. {time} 1230 Mr. LATTA. Mr. Speaker, I thank the gentleman, my friend, the ranking Republican Member of the Energy and Commerce Committee, for yielding. I rise in support of my legislation, H.R. 360, the Cyber Sense Act. This legislation is one of two bipartisan bills that my friend from California, Congressman McNerney, and I have worked on over the past two Congresses to improve the resiliency of our Nation's electric grid against cyberattacks. The second, H.R. 359, will be considered following this debate, and I urge my colleagues to also support it. Mr. Speaker, over the last quarter century, we have seen incredible changes in the way we communicate with the rest of the world and the way we engage in commerce. Along with these changes, we have also seen innovations in technologies that power society, resulting in a more efficient and streamlined electric grid. Our country's grid has maintained a high level of reliability as our society has undertaken these changes, which is a fact that should not be taken for granted. Unfortunately, the promise of a more interconnected society also means we must also address the challenges and vulnerabilities that arise with it. Every day, malignant actors, ranging from individuals, hackers, and foreign states, are attempting to exploit vulnerabilities in our electric grid to cause chaos or for other nefarious purposes. To improve and protect our Nation's grid, I introduced the Cyber Sense Act, which would create a voluntary Cyber Sense program within the United States Department of Energy to identify and promote cyber- secure products for use in the bulk-power system. It would also establish a testing process for the products along with a reporting process of cybersecurity vulnerability. This legislation was unanimously reported out of the Energy and Commerce Committee last year and is supported by the Department of Energy, and industry. Mr. Speaker, I thank the full committee Chairman Pallone, Subcommittee Chairman Rush; the full committee Republican Ranking Member Walden, and also subcommittee Ranking Member Upton; and both the majority and minority E&C staff for helping us get these bills where they are today. Mr. Speaker, I urge my colleagues to support the Cyber Sense Act as well as H.R. 359. Mr. WALDEN. Mr. Speaker, I have no other speakers on this side. I would just encourage my colleagues to join me in supporting passage of H.R. 360. Mr. Speaker, I yield back the balance of my time. Mr. PALLONE. Mr. Speaker, I have no additional Members that wish to speak. Mr. Speaker, I enter into the Record a letter to the Speaker and the minority leader from the American Public Power Association, Edison Electric Institute, and the National Rural Electric Cooperative Association in support of this legislation. September 28, 2020. Hon. Nancy Pelosi, House of Representatives, Washington, DC. Hon. Kevin McCarthy, House of Representatives, Washington, DC. Dear Speaker Pelosi and Minority Leader McCarthy: We are writing in support of full House consideration of three electric grid security bills passed by the House Energy and Commerce Committee: H.R. 359, the Enhancing Grid Security through Public-Private Partnerships Act; H.R. 360, the Cyber Sense Act of 2020; and H.R. 362, the Energy Emergency Leadership Act. APPA is the national service organization for not-for- profit, community-owned utilities that power 2,000 towns and cities nationwide. Public power utilities account for over 15 percent of all electric sales to over 49 million customers in every state but Hawaii. EEI is the association that represents all U.S. investor-owned electric companies. EEI members provide electricity for about 220 million Americans, and operate in all 50 states and the District of Columbia. NRECA is the national service organization representing the interests of cooperative electric utilities and the consumers they serve. More than 900 not-for-profit rural electric utilities provide electricity to over 42 million people in 48 states. Protecting and maintaining electric sector security and reliability is a top priority for our associations and our members. To keep up with evolving threats, the industry welcomes close coordination with government partners. The bills scheduled for consideration by the House this week are aimed at strengthening our shared responsibility to protect the nation's critical infrastructure. We are particularly supportive of H.R. 359 and H.R. 362. H.R. 359 directs DOE to establish a program to facilitate and encourage public- private partnerships to promote and advance the physical and cybersecurity of the electric power sector. H.R. 362 would amend the DOE Organization Act to include energy emergency and energy security among the functions that the Secretary assigns to an Assistant Secretary, with the intent to clarify and codify the functions of DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Thank you for your consideration. We appreciate your leadership and efforts to help improve the security of our nation's electric grid. Sincerely, American Public Power Association. Edison Electric Institute. National Rural Electric Cooperative Association. Mr. PALLONE. Mr. Speaker, I ask my colleagues to support this important bill, and I yield back the balance of my time. The SPEAKER pro tempore. The question is on the motion offered by the gentleman from New Jersey (Mr. Pallone) that the House suspend the rules and pass the bill, H.R. 360, as amended. The question was taken; and (two-thirds being in the affirmative) the rules were suspended and the bill, as amended, was passed. A motion to reconsider was laid on the table. ____________________
All in House sectionPrev12 of 99Next