PDF(PDF provides a complete and accurate display of this text.)Tip?
Calendar No. 267
116th Congress } { Report
SENATE
1st Session } { 116-147
======================================================================
ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT
_______
October 24, 2019.--Ordered to be printed
_______
Ms. Murkowski, from the Committee on Energy and Natural
Resources, submitted the following
R E P O R T
[To accompany S. 2095]
The Committee on Energy and Natural Resources, to which was
referred the bill (S. 2095) to provide for certain programs and
developments in the Department of Energy concerning the
cybersecurity and vulnerabilities of, and physical threats to,
the electric grid, and for other purposes, having considered
the same, reports favorably thereon without amendment and
recommends that the bill do pass.
PURPOSE
The purpose of S. 2095 is to provide for certain programs
and developments in the Department of Energy (DOE) concerning
the cybersecurity and vulnerabilities of, and physical threats
to, the electric grid.
BACKGROUND AND NEED
The United States' electric grid is comprised of a vast
network of transmission and distribution systems that deliver
electricity from producers to consumer homes and businesses.
Many sectors of our economy, including healthcare and
manufacturing, simply cannot operate without a reliable supply
of electricity. As advances in digital and information
technology continue to electrify our daily lives, our exposure
to a potentially devastating cyber or physical attack on the
grid increases.
A number of federal agencies are responsible for protecting
our electric grid from physical and cyber threats, including
DOE and the Federal Energy Regulatory Commission (FERC). DOE
works closely with electric sector owners and operators to
detect and mitigate risks to critical electric infrastructure,
and to develop tools and other resources to assist the sector
in evaluating and improving their security preparedness. With
the enactment of the Fixing America's Surface Transportation
Act (Public Law 114-94) in 2015, Congress codified DOE as the
Sector-Specific Agency for cybersecurity for the energy sector.
With respect to FERC, the Energy Policy Act of 2005 (Public
Law 109-58) created the Electric Reliability Organization (ERO)
to develop mandatory reliability standards for the electric
transmission system, including physical and cybersecurity
standards. The law tasked FERC with approving and enforcing
these mandatory standards--violations of which that can result
in penalties of up to $1 million per violation per day.
S. 2095 would facilitate and strengthen public-private
partnerships to promote and advance the physical and cyber
security of electric utilities. Specifically, S. 2095 would
require DOE to consult with the electric industry and the ERO
to carry out a program to assess the security of the grid,
conduct cybersecurity training, advance supply chain
cybersecurity, and share best practices.
S. 2095 would also require DOE to submit a report to
Congress on the physical and cyber threat vulnerabilities of
the distribution system, which is not subject to the ERO's
mandatory standards.
LEGISLATIVE HISTORY
S. 2095 was introduced by Senators Gardner and Bennet on
July 11, 2019. The Subcommittee on Energy held a hearing on the
measure on September 11, 2019.
Similar legislation, H.R. 359, was introduced in the House
of Representatives by Representatives McNerney (D-CA) and Latta
(R-OH) on January 9, 2019. H.R. 359 was referred to the Energy
and Commerce Committee, which favorably reported the measure by
voice vote on July 17, 2019.
In the 115th Congress, Senators Gardner and Bennet
introduced similar legislation, S. 3677, on November 29, 2018.
H.R. 5240, was introduced in the House of Representatives
by Representatives McNerney (D-CA) and Latta (R-OH) on March 9,
2018. H.R. 5240 was referred to the Energy and Commerce
Committee which favorably reported the measure by voice vote on
June 28, 2018.
The Senate Committee on Energy and Natural Resources met in
open business session on September 25, 2019, and ordered S.
2095 favorably reported.
COMMITTEE RECOMMENDATION
The Senate Committee on Energy and Natural Resources, in
open business session on September 25, 2019, by a majority
voice vote of a quorum present, recommends that the Senate pass
S. 2095.
SECTION-BY-SECTION ANALYSIS
Section 1. Short title
Section 1 sets forth the short title of the bill.
Sec. 2. Definitions
Section 2 provides key definitions.
Sec. 3. Program to promote and advance physical security and
cybersecurity of electric utilities
Section 3(a) requires the Secretary, in consultation with
State regulatory authorities, industry, the ERO, and other
relevant Federal agencies, to carry out a program to promote
and advance the physical security and cybersecurity of electric
vehicles. The section specifies that the program is to develop
and provide for the voluntary implementation of methods for
assessing the physical and cybersecurity of electric utilities;
assist with threat assessment and cybersecurity training;
provide technical assistance; provide training for
cybersecurity supply chain management risks; advance the
cybersecurity of third-party vendors; and increase
opportunities for sharing best practices and collecting data
within the electric sector.
Subsection (b) directs the Secretary to take into
consideration the different sizes and regions of electric
utilities and requires the Secretary to prioritize those
electric utilities with fewer available resources. This
subsection further requires the Secretary to use existing
programs at DOE or other Federal agencies to the maximum extent
practicable.
Subsection (c) protects information provided to or
collected by the Federal government under this section by
exempting such information from Federal, State, and Tribal
public information disclosure laws.
Sec. 4. Report on cybersecurity and distribution systems
Section 4(a) requires the Secretary, in consultation with
State regulatory authorities, industry, and other relevant
Federal agencies, to submit a report to Congress that assesses
priorities, policies, procedures, and actions for enhancing the
physical security and cybersecurity of electricity distribution
systems, and their implementation.
Subsection (b) protects information provided to or
collected by the Federal government under this section by
exempting such information from Federal, State, and Tribal
public information disclosure laws.
COST AND BUDGETARY CONSIDERATIONS
The Congressional Budget Office estimate of the costs of
this measure has been requested but was not received at the
time the report was filed. When the Congressional Budget Office
completes its cost estimate, it will be posted on the internet
at www.cbo.gov.
REGULATORY IMPACT EVALUATION
In compliance with paragraph 11(b) of rule XXVI of the
Standing Rules of the Senate, the Committee makes the following
evaluation of the regulatory impact which would be incurred in
carrying out S. 2095. The bill is not a regulatory measure in
the sense of imposing Government-established standards or
significant economic responsibilities on private individuals
and businesses.
No personal information would be collected in administering
the program. Therefore, there would be no impact on personal
privacy.
Little, if any, additional paperwork would result from the
enactment of S. 2095, as ordered reported.
CONGRESSIONALLY DIRECTED SPENDING
S. 2095, as ordered reported, does not contain any
congressionally directed spending items, limited tax benefits,
or limited tariff benefits as defined in rule XLIV of the
Standing Rules of the Senate.
EXECUTIVE COMMUNICATIONS
The testimony provided by the Department of Energy at the
September 11, 2019, hearing on S. 2095 follows:
Testimony of Under Secretary of Energy Mark W. Menezes, U.S. Department
of Energy
introduction
Chairman Cassidy, Ranking Member Heinrich, and Members of
the Subcommittee, it is a privilege and an honor to serve at
the Department of Energy (DOE or the Department), which is
tasked with, among other important responsibilities: overseeing
the Nation's nuclear energy research and development programs;
creating and sustaining American leadership in the transition
to a global clean energy economy; working effectively with the
States on our Nation's energy challenges; and supporting our
current, and developing our Nation's future, energy workforce.
Thank you for the opportunity to testify today on behalf of the
Department regarding legislation pertinent to DOE that is now
pending in the Senate.
I have been asked to testify on nine (9) bills today. The
Administration continues to review all of these bills. I
appreciate the ongoing bipartisan efforts to address our
Nation's energy challenges and I look forward to working with
the Committee.
interactions with the states
DOE has a long and successful history of working with
States on the Nation's most significant energy challenges. DOE
has provided support for State and local governments to develop
and refine energy assurance plans, build in-house expertise on
infrastructure interdependencies (i.e., other critical
infrastructure systems' reliance on electricity for operations)
and vulnerabilities, integrate renewable energy, address
challenges associated with premature nuclear power plant
retirements and opportunities associated with advanced nuclear
deployment, and utilize new applications such as cyber and
smart grid technologies.
S. 2095--Enhancing Grid Security through Public-Private Partnerships
Act
One of the most critical missions at DOE is developing the
science and technology to successfully counter the ever-
evolving, increasing threat of cyber and other attacks on our
networks, data, facilities, and infrastructure. DOE works
closely with our Federal agency partners, as well as
governments at the State, local, tribal and territorial
government levels, industry, academic institutions, and
National Laboratory partners to accomplish this mission. This
bill provides for certain activities in the Department
concerning cybersecurity and vulnerabilities of, and physical
threats to, the electric grid. It creates a program related to
physical security and cybersecurity of electric utilities.
The Department will continue to review the legislation and
looks forward to working with Congress as the legislative
process moves forward.
conclusion
Thank you again for the opportunity to be here today. The
Department appreciates the ongoing bipartisan efforts to
address our Nation's energy challenges, and looks forward to
working with the Committee on the legislation on today's agenda
and any future legislation. I would be happy to answer your
questions.
CHANGES IN EXISTING LAW
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, the Committee notes that no
changes in existing law are made by S. 2095 as ordered
reported.
[all]
