September 29, 2020 - Issue: Vol. 166, No. 169 — Daily Edition116th Congress (2019 - 2020) - 2nd Session
All in House sectionPrev13 of 99Next
ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT; Congressional Record Vol. 166, No. 169
(House of Representatives - September 29, 2020)
Text available as:
Formatting necessary for an accurate reading of this text may be shown by tags (e.g., <DELETED> or <BOLD>) or may be missing from this TXT display. For complete and accurate display of this text, see the PDF.
[Pages H4969-H4971] From the Congressional Record Online through the Government Publishing Office [www.gpo.gov] ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 359) to provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes, as amended. The Clerk read the title of the bill. The text of the bill is as follows: H.R. 359 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, [[Page H4970]] SECTION 1. SHORT TITLE. This Act may be cited as the ``Enhancing Grid Security through Public-Private Partnerships Act''. SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND CYBERSECURITY OF ELECTRIC UTILITIES. (a) Establishment.--The Secretary of Energy, in coordination with relevant Federal agencies and in consultation with State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, as the Secretary determines appropriate, shall carry out a program to-- (1) develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities; (2) provide training to electric utilities to address and mitigate cybersecurity supply chain management risks; (3) increase opportunities for sharing best practices and data collection within the electric sector; (4) assist with cybersecurity training for electric utilities; (5) advance the cybersecurity of third-party vendors that work in partnerships with electric utilities; and (6) provide technical assistance for electric utilities subject to the program. (b) Scope.--In carrying out the program under subsection (a), the Secretary of Energy shall-- (1) take into consideration different sizes of electric utilities and the regions that such electric utilities serve; (2) prioritize electric utilities with fewer available resources due to size or region; and (3) to the extent practicable, utilize and leverage existing Department of Energy programs. (c) Protection of Information.--Information provided to, or collected by, the Federal Government pursuant to this section-- (1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and (2) shall not be made available by any Federal, State, political subdivision or tribal authority pursuant to any Federal, State, political subdivision, or tribal law requiring public disclosure of information or records. SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS. (a) In General.--The Secretary of Energy, in coordination with relevant Federal agencies and in consultation with State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, as the Secretary determines appropriate, shall submit to Congress a report that assesses-- (1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems to address threats to, and vulnerabilities of, such electricity distribution systems; and (2) implementation of such priorities, policies, procedures, and actions, including an estimate of potential costs and benefits of such implementation, including any public-private cost-sharing opportunities. (b) Protection of Information.--Information provided to, or collected by, the Federal Government pursuant to this section-- (1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and (2) shall not be made available by any Federal, State, political subdivision or tribal authority pursuant to any Federal, State, political subdivision, or tribal law requiring public disclosure of information or records. SEC. 4. ELECTRICITY INTERRUPTION INFORMATION. (a) Interruption Cost Estimate Calculator.--The Secretary of Energy, in coordination with relevant Federal agencies and in consultation with State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, as the Secretary determines appropriate, shall update the Interruption Cost Estimate Calculator, as often as appropriate and feasible, but not less than once every 2 years. (b) Indices.--The Secretary of Energy, in coordination with relevant Federal agencies and in consultation with State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, as the Secretary determines appropriate, shall, as often as appropriate and feasible, update the following: (1) The System Average Interruption Duration Index. (2) The System Average Interruption Frequency Index. (3) The Customer Average Interruption Duration Index. (c) Survey.--The Administrator of the Energy Information Administration shall collect information on electricity interruption costs, if available, from a representative sample of owners of electric grid assets through a biennial survey. SEC. 5. DEFINITIONS. In the Act, the following definitions apply: (1) Electric reliability organization.--The term ``Electric Reliability Organization'' has the meaning given such term in section 215(a)(2) of the Federal Power Act (16 U.S.C. 824o(a)(2)). (2) Electric utility.--The term ``electric utility'' has the meaning given such term in section 3 of the Federal Power Act (16 U.S.C. 796). (3) State regulatory authority.--The term ``State regulatory authority'' has the meaning given such term in section 3 of the Federal Power Act (16 U.S.C. 796). The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New Jersey (Mr. Pallone) and the gentleman from Oregon (Mr. Walden) each will control 20 minutes. The Chair recognizes the gentleman from New Jersey. General Leave Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members may have 5 legislative days in which to revise and extend their remarks and include extraneous material on H.R. 359. The SPEAKER pro tempore. Is there objection to the request of the gentleman from New Jersey? There was no objection. Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, I want to begin by acknowledging the leadership of two of my Energy and Commerce Committee colleagues, Representative McNerney of California and Representative Latta of Ohio, for introducing H.R. 359, the Enhancing Grid Security Through Public-Private Partnerships Act. This bill will go a long way in addressing both the physical and cybersecurity of the Nation's utilities. H.R. 359 directs the Secretary of Energy, in consultation with the Electric Reliability Organization, States, other Federal agencies, and industry stakeholders, to create and implement a program to enhance the physical and cybersecurity of electric utilities. Now, some of the critical provisions within this bill include the voluntary implementation of self-assessments, maturity modeling, and auditing. This bill also includes cybersecurity training in order to help mitigate supply chain risk. Utilities would also be encouraged to share best practices and data collection within the electric sector, while also improving the cybersecurity of third-party utility vendors. H.R. 359 also directs the Secretary of Energy to deliver a report to Congress on general cybersecurity concerns and distribution systems. Any information that is provided to the Department of Energy under this program would be protected to ensure the confidentiality of this sensitive information. And like the other two cybersecurity bills we already have passed today; this legislation requires the Secretary of Energy to coordinate with the Department of Homeland Security and other relevant Federal agencies to ensure good communication and smooth implementation across the government. Finally, Mr. Speaker, the bill instructs the Secretary of Energy to update the Interruption Cost Estimate, or ICE, Calculator at least once every 2 years. The ICE Calculator, which was developed through a partnership between the Department of Energy's Lawrence Berkeley Lab and Nexant, Inc., is an electric reliability planning tool that can be used for estimating electricity interruption costs and the benefits associated with reliability improvements. So, Mr. Speaker, H.R. 359 is an important piece of legislation that will help address the security of America's electric utilities, and I urge all my colleagues to support this bill. Mr. Speaker, I reserve the balance of my time. Mr. WALDEN. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, H.R. 359, the Enhancing Grid Security Through Public- Private Partnerships Act, was authored by my Energy and Commerce Committee colleagues Mr. McNerney and Mr. Latta. The bill was reported unanimously from the Energy and Commerce Committee as an important measure for strengthening the cybersecurity and resilience in the energy systems used to deliver power to our homes and businesses. Mr. Speaker, protecting our Nation's critical electric infrastructure is a shared responsibility. It requires robust partnerships between industry and the government to leverage strength and ensure the responsive and resilient system that the public needs and relies upon. H.R. 359 focuses on these very partnerships. The bill would establish a program to facilitate and encourage public-private partnerships to promote and enhance physical and cybersecurity of electric utilities. The bill would require the Secretary of Energy to deploy the Department of [[Page H4971]] Energy's world-class technical know-how to assist utilities with cybersecurity practices and procedures, especially those utilities that have fewer resources due to their size or the region in which they are located. It would foster development of maturity models, self-assessments, and auditing methods. It would provide training and technical assistance to electric utilities to address and mitigate cybersecurity supply chain management risks. And H.R. 359 would increase opportunities for sharing best practices and data collection within the electric sector. The amended version of the bill also makes clear the Department of Energy will work as appropriate with other Federal agencies to safeguard the electric system. A vote for H.R. 359 is a vote for providing an important new tool to protect our Nation yet once again from these very serious cybersecurity threats. Mr. Speaker, I urge support of the legislation, and I reserve the balance of my time. Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the gentleman from California (Mr. McNerney). Mr. McNERNEY. Mr. Speaker, I thank the chairman for yielding. In today's cyber environment, it is more important than ever that Congress pursue policies that continue to support our grid infrastructure and secure it against potential physical and cyber threats. This is an issue I feel very passionate about, as the grid is the backbone of our economy and touches every aspect of our lives. Any vulnerable component is a threat to our physical and national security, as well as our clean energy future, making it imperative that we invest in grid modernization and security. That is why I am proud to co-chair the bipartisan Grid Innovation Caucus along with my good friend from across the aisle, Mr. Latta from Ohio. Together, we are focused on providing a forum for discussing solutions to the many challenges facing the grid and to educate Members of Congress and staff about the importance of the electric grid with relation to the economy, energy security, and advanced technologies being utilized to enhance grid capabilities. Time is of the essence, as a recent report from the Congressional Research Service found that our Nation's bulk-power system faces new and evolving cybersecurity threats on a daily basis. These cyberattacks can take multiple forms, such as a direct attack aimed at the electric grid itself or an indirect attack aimed at other critical infrastructure, which in turn could impact the operation of the security of the grid. Recent cyber threats to the electric grid, such as the Triton and BlackEnergy attacks, have come in the form of deposits of malware on grid industrial control system networks, which possess the capability to damage or take over certain aspects of system control or functionality. In addition to this, future cyber threats to the grid are expected to result from attacks directed via the Internet of Things devices connected to networks. As the CRS report noted, an example of such an IoT-based attack on residential or commercial thermostats could result in false power demand readings, causing a utility to ramp up power production unnecessarily. Without proactive management of cyber threats facing the grid, utilities across the Nation will continue to be highly vulnerable to potentially significant attacks. My bill, which I introduced along with Mr. Latta, assists us in this effort to bolster America's electrical infrastructure by encouraging coordination between the Department of Energy and electric utilities. It accomplishes this by creating a program to enhance the physical and cybersecurity of electric utilities through assessing security vulnerabilities, increasing cybersecurity training, and data collection. My bill would also require the Interruption Cost Estimate Calculator--which is used to calculate the return on investment on utility investments--to be updated at least every 2 years to ensure accurate calculations. By encouraging partnerships among the DOE, State regulatory authorities, industry stakeholders, and other Federal agencies to promote and advance physical security and cybersecurity for electric utilities, we can best position ourselves to keep the Nation's lights on and to insulate our economy against future cyber threats. Mr. Speaker, I thank the chairman of the full committee, Mr. Pallone, for moving this bill forward, and I thank the ranking member of the full committee for helping move this forward. Mr. Speaker, I urge my fellow colleagues to support this bill. Mr. WALDEN. Mr. Speaker, I thank the prior speaker for his comments and great work on these pieces of legislation. Together, we are doing what we can to protect America's energy sector from attack, and I thank Mr. McNerney and others on the committee for their work. Mr. Speaker, I urge passage of the bill, and I yield back the balance of my time. Mr. PALLONE. Mr. Speaker, I also ask all Members to support this legislation, and I yield back the balance of my time. The SPEAKER pro tempore. The question is on the motion offered by the gentleman from New Jersey (Mr. Pallone) that the House suspend the rules and pass the bill, H.R. 359, as amended. The question was taken; and (two-thirds being in the affirmative) the rules were suspended and the bill, as amended, was passed. A motion to reconsider was laid on the table. ____________________
All in House sectionPrev13 of 99Next