H. Rept. 115-795 - ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT115th Congress (2017-2018)
Committee Report
Hide OverviewReport Type: | House Report |
---|---|
Accompanies: | H.R.5240 |
Committees: |
|
Report text available as:
- TXT
- PDF (PDF provides a complete and accurate display of this text.) Tip ?
115th Congress } { Report HOUSE OF REPRESENTATIVES 2d Session } { 115-795 ====================================================================== ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT _______ June 28, 2018.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mr. Walden, from the Committee on Energy and Commerce, submitted the following R E P O R T [To accompany H.R. 5240] [Including cost estimate of the Congressional Budget Office] The Committee on Energy and Commerce, to whom was referred the bill (H.R. 5240) to provide for certain programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Page Purpose and Summary.............................................. 3 Background and Need for Legislation.............................. 3 Committee Action................................................. 7 Committee Votes.................................................. 7 Oversight Findings and Recommendations........................... 7 New Budget Authority, Entitlement Authority, and Tax Expenditures 7 Congressional Budget Office Estimate............................. 8 Federal Mandates Statement....................................... 9 Statement of General Performance Goals and Objectives............ 9 Duplication of Federal Programs.................................. 9 Committee Cost Estimate.......................................... 9 Earmark, Limited Tax Benefits, and Limited Tariff Benefits....... 9 Disclosure of Directed Rule Makings.............................. 9 Advisory Committee Statement..................................... 9 Applicability to Legislative Branch.............................. 9 Section-by-Section Analysis of the Legislation................... 9 Changes in Existing Law Made by the Bill, as Reported............ 11 The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE. This Act may be cited as the ``Enhancing Grid Security through Public-Private Partnerships Act''. SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND CYBERSECURITY OF ELECTRIC UTILITIES. (a) Establishment.--The Secretary of Energy, in consultation with State regulatory authorities, industry stakeholders, the Electric Reliability Organization, and other Federal agencies the Secretary determines appropriate, shall carry out a program to-- (1) develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities; (2) provide training to electric utilities to address and mitigate cybersecurity supply chain management risks; (3) increase opportunities for sharing best practices and data collection within the electric sector; (4) assist with cybersecurity training for electric utilities; (5) advance the cybersecurity of third-party vendors that work in partnerships with electric utilities; and (6) provide technical assistance for electric utilities subject to the program. (b) Scope.--In carrying out the program under subsection (a), the Secretary of Energy shall-- (1) take into consideration different sizes of electric utilities and the regions that such electric utilities serve; (2) prioritize electric utilities with fewer available resources due to size or region; and (3) to the extent practicable, utilize and leverage existing Department of Energy programs. (c) Protection of Information.--Information provided to, or collected by, the Federal Government pursuant to this section-- (1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and (2) shall not be made available by any Federal, State, political subdivision or tribal authority pursuant to any Federal, State, political subdivision, or tribal law requiring public disclosure of information or records. SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS. (a) In General.--The Secretary of Energy, in consultation with State regulatory authorities, industry stakeholders, and other Federal agencies the Secretary determines appropriate, shall submit to Congress a report that assesses-- (1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems to address threats to, and vulnerabilities of, such electricity distribution systems; and (2) implementation of such priorities, policies, procedures, and actions, including an estimate of potential costs and benefits of such implementation, including any public-private cost-sharing opportunities. (b) Protection of Information.--Information provided to, or collected by, the Federal Government pursuant to this section-- (1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and (2) shall not be made available by any Federal, State, political subdivision or tribal authority pursuant to any Federal, State, political subdivision, or tribal law requiring public disclosure of information or records. SEC. 4. ELECTRICITY INTERRUPTION INFORMATION. (a) Interruption Cost Estimate Calculator.--The Secretary of Energy, in consultation with the Federal Energy Regulatory Commission, State regulatory authorities, industry stakeholders, and other Federal agencies the Secretary determines appropriate, shall update the Interruption Cost Estimate Calculator, as often as appropriate and feasible, but not less than once every 2 years. (b) Indices.--The Secretary of Energy, in consultation with the Federal Energy Regulatory Commission, State regulatory authorities, industry stakeholders, and other Federal agencies the Secretary determines appropriate, shall, as often as appropriate and feasible, update the following: (1) The System Average Interruption Duration Index. (2) The System Average Interruption Frequency Index. (3) The Customer Average Interruption Duration Index. (c) Survey.--The Administrator of the Energy Information Administration shall collect information on electricity interruption costs, if available, from a representative sample of owners of electric grid assets through a biennial survey. SEC. 5. DEFINITIONS. In the Act, the following definitions apply: (1) Electric reliability organization.--The term ``Electric Reliability Organization'' has the meaning given such term in section 215(a)(2) of the Federal Power Act (16 U.S.C. 824o(a)(2)). (2) Electric utility.--The term ``electric utility'' has the meaning given such term in section 3 of the Federal Power Act (16 U.S.C. 796). (3) State regulatory authority.--The term ``State regulatory authority'' has the meaning given such term in section 3 of the Federal Power Act (16 U.S.C. 796). PURPOSE AND SUMMARY H.R. 5240, the Enhancing Grid Security through Public- Private Partnerships Act of 2018, was introduced by Rep. Jerry McNerney (D-CA) and Rep. Robert Latta (R-OH) on March 9, 2018. This legislation would require the Secretary of Energy to establish a program to facilitate and encourage public-private partnerships to promote and advance physical security and cybersecurity of electric utilities. The Secretary of Energy is directed to carry out a program to (1) develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities; (2) provide training and technical assistance to electric utilities to address and mitigate cybersecurity supply chain management risks; and (3) increase opportunities for sharing best practices and data collection within the electric sector. The Secretary is also required to take into consideration different sizes of electric utilities and the regions they serve and to prioritize electric utilities with fewer available resources due to size or region. Any information an electric utility provides to the Federal government through this program will be exempt from public disclosure under Federal, State, or tribal law. The bill also provides for a report to Congress addressing cybersecurity as it relates to the electric distribution system. H.R. 5240 directs the Secretary to assess priorities, policies, procedures, and actions for enhancing the physical and cybersecurity of the electric distribution system, including the costs and benefits of implementing these priorities, policies, procedures, and actions. Finally, H.R. 5240 directs the Department of Energy (DOE) to update the Interruption Cost Estimate Calculator, a tool designed for and utilized by electric reliability planners at electric utilities, government organizations, or other entities that are interested in estimating interruption costs and benefits associated with infrastructure improvements. BACKGROUND AND NEED FOR LEGISLATION The United States' energy infrastructure is comprised of a vast network of energy and electricity systems that deliver uninterrupted electricity from producers to consumers. These intricate and highly interdependent systems enable every aspect of our daily lives. Our nation's economy, security, and the health and safety of its citizens depend upon the reliable and uninterrupted supply of fuels and electricity. Since the inception of the Department of Energy in 1977, the manner in which energy and power is generated, transmitted, and delivered continues to rapidly change and evolve. As advances in digital and information technologies continue to layer onto existing practices and energy infrastructures, new risks emerge, and vulnerabilities are exposed. Recent high-profile attempts by foreign actors to infiltrate our nation's energy systems and infrastructure further highlight the need for legislation aimed at mitigating these significant and growing threats to the reliable supply of energy in the United States. The Department of Energy's authorities for cybersecurity, energy security, and emergency response When the Department of Energy was organized in 1977, energy security concerns revolved around oil supply shortages. As a result, energy security emergency functions in the Department of Energy Organization Act focused on distributing and allocating fuels in an emergency. Over time, these functions in DOE's organic statute remained largely unchanged, but DOE's responsibilities and authorities have evolved substantially beyond what was envisioned forty years ago. Energy delivery systems have become increasingly interconnected and digitized, while society has become more dependent on energy in all its forms--expanding the opportunities for cybersecurity threats and other hazards that may require emergency response. Today, DOE's mission to advance the national, economic, and energy security of the United States requires it to act as the lead agency for the protection of electric power, oil, and natural gas infrastructure. DOE has authority and responsibilities for the physical security and cybersecurity of energy delivery systems from laws that Congress has passed and Presidential directives. Congress has provided DOE with a wide range of emergency response and cybersecurity authorities affecting multiple segments of the energy sector, beginning with the Department of Energy Organization Act, and most recently with the Fixing America's Surface Transportation Act (FAST Act). The FAST Act, which was signed into law in 2015, designated DOE as the Sector-Specific Agency (SSA) for the energy sector and provided the Department with several new energy security authorities to respond to physical and cyberattacks to energy systems. Section 61003 of the FAST Act amended section 215 of the Federal Power Act (FPA) and created a new section 215A entitled, ``Critical Electric Infrastructure Security.'' This new section 215A of the FPA provided definitions for the terms ``bulk power system,'' ``critical electric infrastructure,'' ``critical electric infrastructure information,'' and ``grid security emergency,''\1\ among other terms. Section 215 of the FPA states that when the President issues or provides to the Secretary of Energy a written directive or determination identifying a grid security emergency, the Secretary may, with or without notice, hearing, or report, issue orders for emergency measures to protect or restore the reliability of critical electric infrastructure or of defense critical electric infrastructure during an emergency.\2\ Section 215A also includes protections for the sharing of critical electric information. --------------------------------------------------------------------------- \1\See Section 215A of the Federal Power Act, the term ``Grid Security Emergency'' means the occurrence or imminent danger of (A)(i) a malicious act using electronic communication or an electromagnetic pulse, or a geomagnetic storm event, that could disrupt the operation of those electronic devices or communications networks, including hardware, software, and data, that are essential to the reliability of critical electric infrastructure or of defense critical electric infrastructure; and (ii) disruption of the operation of such devices or networks, with significant adverse effects on the reliability of critical electric infrastructure or of defense critical electric infrastructure, as a result of such act or event; or (B)(i) a direct physical attack on critical electric infrastructure or on defense critical electric infrastructure; and (ii) significant adverse effects on the reliability of critical electric infrastructure or of defense critical electric infrastructure as a result of such physical attack. \2\Federal Power Act Sec. 215A, 16 U.S.C. Sec. 824o-1. --------------------------------------------------------------------------- DOE's cybersecurity roles and responsibilities are also guided by the Federal government's operational framework, as provided by the Presidential Policy Directive 41 (PPD-41) issued in 2016 addressing ``United States Cyber Incident Coordination.'' A primary purpose of PPD-41 is to improve coordination across the Federal government by clarifying roles and responsibilities. Under the PPD-41 framework, DOE serves as the lead agency for the energy sector, coordinating closely with other agencies and the private sector to facilitate the response, recovery, and restoration of damaged energy infrastructure. On February 14, 2018, the Energy Secretary formed a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at DOE. The CESER office will be led by an Assistant Secretary who will focus on energy infrastructure security, support the expanded national security responsibilities assigned to DOE, and report to the Under Secretary of Energy.\3\ --------------------------------------------------------------------------- \3\See Press Release, U.S. Department of Energy, ``Secretary of Energy Rick Perry Forms New Office of Cybersecurity, Energy Security, and Emergency Response.'' (Feb. 14, 2018), https://www.energy.gov/ articles/secretary-energy-rick-perry-forms-new-office-cybersecurity- energy- security-and-emergency. --------------------------------------------------------------------------- Physical security and cybersecurity of the electric grid With respect to its responsibilities for security of the electric power system, DOE works closely with electric sector owners and operators to detect and mitigate risks to critical electric infrastructure. DOE collaborates with the electric sector to develop technologies, tools, exercises, and other resources to assist the energy sector in evaluating and improving their security preparedness.\4\ --------------------------------------------------------------------------- \4\Department of Energy. Energy Sector Cybersecurity Preparedness. --------------------------------------------------------------------------- Along with DOE, the Federal Energy Regulatory Commission (FERC) has authority over the reliability of the electric grid. Congress, through the Energy Policy Act of 2005,\5\ provided FERC with the authority to approve mandatory cybersecurity standards proposed by the Electric Reliability Organization (ERO). The North American Electric Reliability Corporation (NERC) currently serves as the ERO. NERC proposes reliability standards for planning and operating the North American bulk power system. These critical infrastructure protection (CIP) reliability standards\6\ address physical security and cybersecurity of critical electric infrastructure. --------------------------------------------------------------------------- \5\P.L. 109-58. \6\See North American Electric Reliability Corporation for further information. --------------------------------------------------------------------------- Cooperation between the Federal government and electricity sector extends beyond mandatory and enforceable standards. The Electricity Subsector Coordinating Council (ESCC) serves as the principal liaison between the Federal government and the electric power sector in coordinating efforts to prepare for national-level incidents or threats to critical infrastructure.\7\ The Cybersecurity Risk Information Sharing Program (CRISP) is a public-private partnership, funded by DOE and industry. CRISP is managed by the Electricity Information Sharing and Analysis Center (E-ISAC)\8\ and facilitates the timely bi-directional sharing of unclassified and classified threat information with energy sector partners.\9\ --------------------------------------------------------------------------- \7\See Electric Subsector Coordinating Council for further information. \8\See Electricity Information Sharing and Analysis Center for further information. \9\Department of Energy. Cybersecurity for Critical Energy Infrastructure. --------------------------------------------------------------------------- Need for legislation The Committee finds that section 2 of H.R. 5240 would facilitate and strengthen public-private partnerships to promote and advance the physical security and cybersecurity of electric utilities that have fewer resources due to size or region. According to the testimony of Undersecretary Mark Menezes: The cyber-attacks on the Ukrainian grid underscored the urgency of the cyber threat to everyone involved in the protection and operation of the Nation's power grid. Continuing to build off current work is critical in mitigating the risks that the electric grid faces. Sharing and promoting best practices, including maturity model assessments, physical and cyber risk assessments, and training are all important components of this risk mitigation.\10\ --------------------------------------------------------------------------- \10\See Written Testimony of Under Secretary Mark Menezes, U.S. Department of Energy, Before the Subcommittee on Energy, Committee on Energy and Commerce, March 14, 2018. The Edison Electric Institute (EEI), American Public Power Association (APPA) and the National Rural Electric Cooperatives Association (NRECA) supported section 2 of H.R. 5240. APPA and NRECA, in a statement submitted for the hearing record, stated, ``[p]ublic-private partnerships like those between DOE, APPA and NRECA are vital to help needed resources reach the smaller utilities in the sector.''\11\ --------------------------------------------------------------------------- \11\See Statement for the Record by the American Public Power Association (APPA) and the National Rural Electric Cooperative Association (NRECA) for Subcommittee on Energy, --------------------------------------------------------------------------- The Committee finds section 3 of H.R. 5240 would help mitigate against threats and vulnerabilities to electricity distribution systems by assessing priorities, policies, procedures, and actions for enhancing the physical and cybersecurity of electric distribution systems. The testimony of Scott Aaronson, Vice President, Security and Preparedness for the Edison Electric Institute supported this section and stated, ``[t]he number of distribution assets--including distributed energy resources and customer devices `behind the meter'--is growing and can impact the broader electricity system, the security of these interconnected devices must be considered to prevent cybersecurity incidents from impacting reliability.''\12\ --------------------------------------------------------------------------- \12\See Written testimony of Mr. Scott Aaronson, Vice President, Security and Preparedness for the Edison Electric Institute, Before the Subcommittee on Energy, Committee on Energy and Commerce, March 14, 2018. --------------------------------------------------------------------------- The Committee finds section 4 of H.R. 5240 would help improve electric infrastructure resilience by updating a program that assists grid planners at utilities, government organizations and other entities with estimating interruption costs and benefits associated with infrastructure improvements. According to the testimony of Undersecretary Mark Menezes: The Interruption Cost Estimate (ICE) Calculator tool, which was developed by Lawrence Berkley National Laboratory and Nexant, Inc. and funded by DOE-OE, is designed for electric reliability planners at utilities, government organizations, or other entities that are interested in estimating interruption costs and/or benefits associated with reliability improvements in the United States. For any hazard, including cyber events, the ICE Calculator provides analytical foundations for reliability investments.''\13\ --------------------------------------------------------------------------- \13\See Written Testimony of Under Secretary Mark Menezes, U.S. Department of Energy, Before the Subcommittee on Energy, Committee on Energy and Commerce, March 14, 2018. --------------------------------------------------------------------------- COMMITTEE ACTION On March 14, 2018 the Subcommittee on Energy held a hearing on H.R. 5240 entitled, ``DOE Modernization: Legislation Addressing Cybersecurity and Emergency Response.'' The Subcommittee received testimony from: Mark Menezes, Under Secretary of Energy, U.S. Department of Energy; Scott Aaronson, Vice President, Security and Preparedness, Edison Electric Institute; Mark Engels, Senior Enterprise Security Advisor, Dominion Energy; Tristan Vance, Director, Office of Energy Development, State of Indiana on behalf of the National Association of State Energy Officials; Zachary Tudor, Associate Laboratory Director for National and Homeland Security, Idaho National Laboratory; and, Kyle Pistor, Vice President of Government Relations, National Electrical Manufactures Association. On April 18, 2018, the Subcommittee on Energy met in open markup session and forwarded H.R. 5240, without amendment, to the full Committee by a voice vote. On May 9, 2018, the full Committee on Energy and Commerce met in open markup session and ordered H.R. 5240, as amended, favorably reported to the House by a voice vote. COMMITTEE VOTES Clause 3(b) of rule XIII requires the Committee to list the recorded votes on the motion to report legislation and amendments thereto. There were no recorded votes taken in connection with ordering H.R. 5240 reported. OVERSIGHT FINDINGS AND RECOMMENDATIONS Pursuant to clause 2(b)(1) of rule X and clause 3(c)(1) of rule XIII, the Committee held a hearings and made findings that are reflected in this report. NEW BUDGET AUTHORITY, ENTITLEMENT AUTHORITY, AND TAX EXPENDITURES Pursuant to clause 3(c)(2) of rule XIII, the Committee finds that H.R. 5240 would result in no new or increased budget authority, entitlement authority, or tax expenditures or revenues. CONGRESSIONAL BUDGET OFFICE ESTIMATE Pursuant to clause 3(c)(3) of rule XIII, the following is the cost estimate provided by the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974: U.S. Congress, Congressional Budget Office, Washington, DC, May 23, 2018. Hon. Greg Walden, Chairman, Committee on Energy and Commerce, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 5240, the Enhancing Grid Security through Public-Private Partnerships Act. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Megan Carroll. Sincerely, Mark P. Hadley (For Keith Hall, Director). Enclosure. H.R. 5240--Enhancing Grid Security through Public-Private Partnerships Act H.R. 5240 would direct the Department of Energy (DOE) to establish a program to promote collaborative efforts--among federal, state, and private stakeholders of the electricity sector--to assess and improve the physical security and cybersecurity of electric utilities. The bill would authorize DOE to provide guidance, training, and technical assistance to utilities and specify other reporting and administrative requirements. Using information from DOE, CBO estimates that enacting H.R. 5240 would not significantly affect the federal budget. The activities authorized by the bill are largely consistent with DOE's existing efforts related to the security of the energy infrastructure. As a result, CBO expects that any changes in federal spending under the bill--which would be subject to appropriation--would be small. H.R. 5240 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply. CBO estimates that enacting H.R. 5240 would not affect direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2029. H.R. 5240 would impose an intergovernmental mandate, as defined in the Unfunded Mandates Reform Act (UMRA), by preempting state, local, and tribal laws that could otherwise cause government agencies to disclose information collected by DOE under the bill, such as plans to enhance cybersecurity. Although the preemption would limit the application of state, local, and tribal laws, CBO estimates that it would impose no duty on those governments that would result in additional spending or a loss of revenue. H.R. 5240 contains no private-sector mandates as defined in UMRA. The CBO staff contacts for this estimate are Megan Carroll (for federal costs) and Jon Sperl (for mandates). The estimate was reviewed by H. Samuel Papenfuss, Deputy Assistant Director for Budget Analysis. FEDERAL MANDATES STATEMENT The Committee adopts as its own the estimate of Federal mandates prepared by the Director of the Congressional Budget Office pursuant to section 423 of the Unfunded Mandates Reform Act. STATEMENT OF GENERAL PERFORMANCE GOALS AND OBJECTIVES Pursuant to clause 3(c)(4) of rule XIII, the general performance goal or objective of this legislation is to provide programs and developments in the Department of Energy concerning the cybersecurity and vulnerabilities of, and physical threats to, the electric grid, and for other purposes. DUPLICATION OF FEDERAL PROGRAMS Pursuant to clause 3(c)(5) of rule XIII, no provision of H.R. 5240 is known to be duplicative of another Federal program, including any program that was included in a report to Congress pursuant to section 21 of Public Law 111-139 or the most recent Catalog of Federal Domestic Assistance. COMMITTEE COST ESTIMATE Pursuant to clause 3(d)(1) of rule XIII, the Committee adopts as its own the cost estimate prepared by the Director of the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974. EARMARK, LIMITED TAX BENEFITS, AND LIMITED TARIFF BENEFITS Pursuant to clause 9(e), 9(f), and 9(g) of rule XXI, the Committee finds that H.R. 5240 contains no earmarks, limited tax benefits, or limited tariff benefits. DISCLOSURE OF DIRECTED RULE MAKINGS Pursuant to section 3(i) of H. Res. 5, the Committee finds that H.R. 5240 contains no directed rule makings. ADVISORY COMMITTEE STATEMENT No advisory committees within the meaning of section 5(b) of the Federal Advisory Committee Act were created by this legislation. APPLICABILITY TO LEGISLATIVE BRANCH The Committee finds that the legislation does not relate to the terms and conditions of employment or access to public services or accommodations within the meaning of section 102(b)(3) of the Congressional Accountability Act. SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION Section 1. Short title This section provides the short title of ``Enhancing Grid Security through Public-Private Partnerships Act of 2018.'' Section 2. Program to promote and advance physical security and cybersecurity of electric utilities The Secretary of Energy, in consultation with State regulatory authorities, industry stakeholders, and other Federal agencies the Secretary determines appropriate, shall carry out a program to (1) develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities; (2) provide training and technical assistance to electric utilities to address and mitigate cybersecurity supply chain management risks; (3) increase opportunities for sharing best practices and data collection within the electric sector; (4) assist with cybersecurity training for electric utilities; (5) advance the cybersecurity of third-party vendors that work in partnerships with electric utilities; and (6) provide technical assistance for electric utilities subject to the program. Section 2(b) states that in carrying out the program under section 2(a), the Secretary of Energy shall (1) take into consideration different sizes of electric utilities and the regions that such electric utilities serve; (2) prioritize electric utilities with fewer available resources due to size or region; and, (3) to the extent practicable, utilize and leverage existing Department of Energy programs. Section 2(c) states that information provided to, or collected by, the Federal government pursuant to this section, (1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and (2) shall not be made available by any Federal, State, political subdivision, or tribal law requiring disclosure of information or records. Section 3. Report on cybersecurity and distribution systems Section 3(a) directs the Secretary of Energy, in consultation with State regulatory authorities, industry stakeholders, and other Federal agencies the Secretary determines appropriate, shall submit to Congress a report that assesses (1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems to address threats to, and vulnerabilities of, such electricity distribution systems. Section 3(a)(2) further clarifies that this report will assess implementation of such priorities, policies, procedures, and actions, including an estimate of potential costs and benefits of such implementation, including any public-private cost- sharing opportunities. Section 3(b) states that information provided to, or collected by, the Federal government pursuant to this section, (1) shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and (2) shall not be made available by any Federal, State, political subdivision, or tribal law requiring disclosure of information or records. Section 4. Electricity interruption information Section 4(a) directs that the Secretary of Energy, in consultation with the Federal Energy Regulatory Commission, State regulatory authorities, industry stakeholders, and other Federal agencies the Secretary determines appropriate, shall update the Interruption Cost Estimate Calculator, as often as appropriate and feasible, but not less than once every 2 years. Section 4(b) instructs that the Secretary of Energy, in consultation with the Federal Energy Regulatory Commission, State regulatory authorities, industry stakeholders, and other Federal agencies the Secretary determines appropriate, shall, as often as appropriate and feasible, update the following: (1) The System Average Interruption Duration Index, (2) The System Average Interruption Frequency Index, and (3) The Customer Average Interruption Index. Section 4(c) directs the Administrator of the Energy Information Administration to collect information on electricity interruption costs, if available, from a representative sample of owners of electric grid assets through biennial survey. Section 5. Definitions For this legislation the term ``electric utility'' has the meaning given such term in section 3 of the Federal Power Act (16 U.S.C. 796). The term ``State regulatory authority'' has the meaning given such term in section 3 of the Federal Power Act (16 U.S.C. 796). CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED This legislation does not amend any existing Federal statute. [all]