H. Rept. 115-795 - ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT115th Congress (2017-2018)
Committee Report
Hide Overview| Report Type: | House Report |
|---|---|
| Accompanies: | H.R.5240 |
| Committees: |
|
Report text available as:
- TXT
- PDF (PDF provides a complete and accurate display of this text.) Tip ?
115th Congress } { Report
HOUSE OF REPRESENTATIVES
2d Session } { 115-795
======================================================================
ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT
_______
June 28, 2018.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______
Mr. Walden, from the Committee on Energy and Commerce, submitted the
following
R E P O R T
[To accompany H.R. 5240]
[Including cost estimate of the Congressional Budget Office]
The Committee on Energy and Commerce, to whom was referred
the bill (H.R. 5240) to provide for certain programs and
developments in the Department of Energy concerning the
cybersecurity and vulnerabilities of, and physical threats to,
the electric grid, and for other purposes, having considered
the same, report favorably thereon with an amendment and
recommend that the bill as amended do pass.
CONTENTS
Page
Purpose and Summary.............................................. 3
Background and Need for Legislation.............................. 3
Committee Action................................................. 7
Committee Votes.................................................. 7
Oversight Findings and Recommendations........................... 7
New Budget Authority, Entitlement Authority, and Tax Expenditures 7
Congressional Budget Office Estimate............................. 8
Federal Mandates Statement....................................... 9
Statement of General Performance Goals and Objectives............ 9
Duplication of Federal Programs.................................. 9
Committee Cost Estimate.......................................... 9
Earmark, Limited Tax Benefits, and Limited Tariff Benefits....... 9
Disclosure of Directed Rule Makings.............................. 9
Advisory Committee Statement..................................... 9
Applicability to Legislative Branch.............................. 9
Section-by-Section Analysis of the Legislation................... 9
Changes in Existing Law Made by the Bill, as Reported............ 11
The amendment is as follows:
Strike all after the enacting clause and insert the
following:
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Enhancing Grid Security through
Public-Private Partnerships Act''.
SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND
CYBERSECURITY OF ELECTRIC UTILITIES.
(a) Establishment.--The Secretary of Energy, in consultation with
State regulatory authorities, industry stakeholders, the Electric
Reliability Organization, and other Federal agencies the Secretary
determines appropriate, shall carry out a program to--
(1) develop, and provide for voluntary implementation of,
maturity models, self-assessments, and auditing methods for
assessing the physical security and cybersecurity of electric
utilities;
(2) provide training to electric utilities to address and
mitigate cybersecurity supply chain management risks;
(3) increase opportunities for sharing best practices and
data collection within the electric sector;
(4) assist with cybersecurity training for electric
utilities;
(5) advance the cybersecurity of third-party vendors that
work in partnerships with electric utilities; and
(6) provide technical assistance for electric utilities
subject to the program.
(b) Scope.--In carrying out the program under subsection (a), the
Secretary of Energy shall--
(1) take into consideration different sizes of electric
utilities and the regions that such electric utilities serve;
(2) prioritize electric utilities with fewer available
resources due to size or region; and
(3) to the extent practicable, utilize and leverage existing
Department of Energy programs.
(c) Protection of Information.--Information provided to, or collected
by, the Federal Government pursuant to this section--
(1) shall be exempt from disclosure under section 552(b)(3)
of title 5, United States Code; and
(2) shall not be made available by any Federal, State,
political subdivision or tribal authority pursuant to any
Federal, State, political subdivision, or tribal law requiring
public disclosure of information or records.
SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS.
(a) In General.--The Secretary of Energy, in consultation with State
regulatory authorities, industry stakeholders, and other Federal
agencies the Secretary determines appropriate, shall submit to Congress
a report that assesses--
(1) priorities, policies, procedures, and actions for
enhancing the physical security and cybersecurity of
electricity distribution systems to address threats to, and
vulnerabilities of, such electricity distribution systems; and
(2) implementation of such priorities, policies, procedures,
and actions, including an estimate of potential costs and
benefits of such implementation, including any public-private
cost-sharing opportunities.
(b) Protection of Information.--Information provided to, or collected
by, the Federal Government pursuant to this section--
(1) shall be exempt from disclosure under section 552(b)(3)
of title 5, United States Code; and
(2) shall not be made available by any Federal, State,
political subdivision or tribal authority pursuant to any
Federal, State, political subdivision, or tribal law requiring
public disclosure of information or records.
SEC. 4. ELECTRICITY INTERRUPTION INFORMATION.
(a) Interruption Cost Estimate Calculator.--The Secretary of Energy,
in consultation with the Federal Energy Regulatory Commission, State
regulatory authorities, industry stakeholders, and other Federal
agencies the Secretary determines appropriate, shall update the
Interruption Cost Estimate Calculator, as often as appropriate and
feasible, but not less than once every 2 years.
(b) Indices.--The Secretary of Energy, in consultation with the
Federal Energy Regulatory Commission, State regulatory authorities,
industry stakeholders, and other Federal agencies the Secretary
determines appropriate, shall, as often as appropriate and feasible,
update the following:
(1) The System Average Interruption Duration Index.
(2) The System Average Interruption Frequency Index.
(3) The Customer Average Interruption Duration Index.
(c) Survey.--The Administrator of the Energy Information
Administration shall collect information on electricity interruption
costs, if available, from a representative sample of owners of electric
grid assets through a biennial survey.
SEC. 5. DEFINITIONS.
In the Act, the following definitions apply:
(1) Electric reliability organization.--The term ``Electric
Reliability Organization'' has the meaning given such term in
section 215(a)(2) of the Federal Power Act (16 U.S.C.
824o(a)(2)).
(2) Electric utility.--The term ``electric utility'' has the
meaning given such term in section 3 of the Federal Power Act
(16 U.S.C. 796).
(3) State regulatory authority.--The term ``State regulatory
authority'' has the meaning given such term in section 3 of the
Federal Power Act (16 U.S.C. 796).
PURPOSE AND SUMMARY
H.R. 5240, the Enhancing Grid Security through Public-
Private Partnerships Act of 2018, was introduced by Rep. Jerry
McNerney (D-CA) and Rep. Robert Latta (R-OH) on March 9, 2018.
This legislation would require the Secretary of Energy to
establish a program to facilitate and encourage public-private
partnerships to promote and advance physical security and
cybersecurity of electric utilities.
The Secretary of Energy is directed to carry out a program
to (1) develop, and provide for voluntary implementation of,
maturity models, self-assessments, and auditing methods for
assessing the physical security and cybersecurity of electric
utilities; (2) provide training and technical assistance to
electric utilities to address and mitigate cybersecurity supply
chain management risks; and (3) increase opportunities for
sharing best practices and data collection within the electric
sector.
The Secretary is also required to take into consideration
different sizes of electric utilities and the regions they
serve and to prioritize electric utilities with fewer available
resources due to size or region. Any information an electric
utility provides to the Federal government through this program
will be exempt from public disclosure under Federal, State, or
tribal law.
The bill also provides for a report to Congress addressing
cybersecurity as it relates to the electric distribution
system. H.R. 5240 directs the Secretary to assess priorities,
policies, procedures, and actions for enhancing the physical
and cybersecurity of the electric distribution system,
including the costs and benefits of implementing these
priorities, policies, procedures, and actions.
Finally, H.R. 5240 directs the Department of Energy (DOE)
to update the Interruption Cost Estimate Calculator, a tool
designed for and utilized by electric reliability planners at
electric utilities, government organizations, or other entities
that are interested in estimating interruption costs and
benefits associated with infrastructure improvements.
BACKGROUND AND NEED FOR LEGISLATION
The United States' energy infrastructure is comprised of a
vast network of energy and electricity systems that deliver
uninterrupted electricity from producers to consumers. These
intricate and highly interdependent systems enable every aspect
of our daily lives. Our nation's economy, security, and the
health and safety of its citizens depend upon the reliable and
uninterrupted supply of fuels and electricity. Since the
inception of the Department of Energy in 1977, the manner in
which energy and power is generated, transmitted, and delivered
continues to rapidly change and evolve. As advances in digital
and information technologies continue to layer onto existing
practices and energy infrastructures, new risks emerge, and
vulnerabilities are exposed. Recent high-profile attempts by
foreign actors to infiltrate our nation's energy systems and
infrastructure further highlight the need for legislation aimed
at mitigating these significant and growing threats to the
reliable supply of energy in the United States.
The Department of Energy's authorities for cybersecurity, energy
security, and emergency response
When the Department of Energy was organized in 1977, energy
security concerns revolved around oil supply shortages. As a
result, energy security emergency functions in the Department
of Energy Organization Act focused on distributing and
allocating fuels in an emergency. Over time, these functions in
DOE's organic statute remained largely unchanged, but DOE's
responsibilities and authorities have evolved substantially
beyond what was envisioned forty years ago. Energy delivery
systems have become increasingly interconnected and digitized,
while society has become more dependent on energy in all its
forms--expanding the opportunities for cybersecurity threats
and other hazards that may require emergency response.
Today, DOE's mission to advance the national, economic, and
energy security of the United States requires it to act as the
lead agency for the protection of electric power, oil, and
natural gas infrastructure. DOE has authority and
responsibilities for the physical security and cybersecurity of
energy delivery systems from laws that Congress has passed and
Presidential directives. Congress has provided DOE with a wide
range of emergency response and cybersecurity authorities
affecting multiple segments of the energy sector, beginning
with the Department of Energy Organization Act, and most
recently with the Fixing America's Surface Transportation Act
(FAST Act).
The FAST Act, which was signed into law in 2015, designated
DOE as the Sector-Specific Agency (SSA) for the energy sector
and provided the Department with several new energy security
authorities to respond to physical and cyberattacks to energy
systems. Section 61003 of the FAST Act amended section 215 of
the Federal Power Act (FPA) and created a new section 215A
entitled, ``Critical Electric Infrastructure Security.'' This
new section 215A of the FPA provided definitions for the terms
``bulk power system,'' ``critical electric infrastructure,''
``critical electric infrastructure information,'' and ``grid
security emergency,''\1\ among other terms. Section 215 of the
FPA states that when the President issues or provides to the
Secretary of Energy a written directive or determination
identifying a grid security emergency, the Secretary may, with
or without notice, hearing, or report, issue orders for
emergency measures to protect or restore the reliability of
critical electric infrastructure or of defense critical
electric infrastructure during an emergency.\2\ Section 215A
also includes protections for the sharing of critical electric
information.
---------------------------------------------------------------------------
\1\See Section 215A of the Federal Power Act, the term ``Grid
Security Emergency'' means the occurrence or imminent danger of (A)(i)
a malicious act using electronic communication or an electromagnetic
pulse, or a geomagnetic storm event, that could disrupt the operation
of those electronic devices or communications networks, including
hardware, software, and data, that are essential to the reliability of
critical electric infrastructure or of defense critical electric
infrastructure; and (ii) disruption of the operation of such devices or
networks, with significant adverse effects on the reliability of
critical electric infrastructure or of defense critical electric
infrastructure, as a result of such act or event; or (B)(i) a direct
physical attack on critical electric infrastructure or on defense
critical electric infrastructure; and (ii) significant adverse effects
on the reliability of critical electric infrastructure or of defense
critical electric infrastructure as a result of such physical attack.
\2\Federal Power Act Sec. 215A, 16 U.S.C. Sec. 824o-1.
---------------------------------------------------------------------------
DOE's cybersecurity roles and responsibilities are also
guided by the Federal government's operational framework, as
provided by the Presidential Policy Directive 41 (PPD-41)
issued in 2016 addressing ``United States Cyber Incident
Coordination.'' A primary purpose of PPD-41 is to improve
coordination across the Federal government by clarifying roles
and responsibilities. Under the PPD-41 framework, DOE serves as
the lead agency for the energy sector, coordinating closely
with other agencies and the private sector to facilitate the
response, recovery, and restoration of damaged energy
infrastructure.
On February 14, 2018, the Energy Secretary formed a new
Office of Cybersecurity, Energy Security, and Emergency
Response (CESER) at DOE. The CESER office will be led by an
Assistant Secretary who will focus on energy infrastructure
security, support the expanded national security
responsibilities assigned to DOE, and report to the Under
Secretary of Energy.\3\
---------------------------------------------------------------------------
\3\See Press Release, U.S. Department of Energy, ``Secretary of
Energy Rick Perry Forms New Office of Cybersecurity, Energy Security,
and Emergency Response.'' (Feb. 14, 2018), https://www.energy.gov/
articles/secretary-energy-rick-perry-forms-new-office-cybersecurity-
energy- security-and-emergency.
---------------------------------------------------------------------------
Physical security and cybersecurity of the electric grid
With respect to its responsibilities for security of the
electric power system, DOE works closely with electric sector
owners and operators to detect and mitigate risks to critical
electric infrastructure. DOE collaborates with the electric
sector to develop technologies, tools, exercises, and other
resources to assist the energy sector in evaluating and
improving their security preparedness.\4\
---------------------------------------------------------------------------
\4\Department of Energy. Energy Sector Cybersecurity Preparedness.
---------------------------------------------------------------------------
Along with DOE, the Federal Energy Regulatory Commission
(FERC) has authority over the reliability of the electric grid.
Congress, through the Energy Policy Act of 2005,\5\ provided
FERC with the authority to approve mandatory cybersecurity
standards proposed by the Electric Reliability Organization
(ERO). The North American Electric Reliability Corporation
(NERC) currently serves as the ERO. NERC proposes reliability
standards for planning and operating the North American bulk
power system. These critical infrastructure protection (CIP)
reliability standards\6\ address physical security and
cybersecurity of critical electric infrastructure.
---------------------------------------------------------------------------
\5\P.L. 109-58.
\6\See North American Electric Reliability Corporation for further
information.
---------------------------------------------------------------------------
Cooperation between the Federal government and electricity
sector extends beyond mandatory and enforceable standards. The
Electricity Subsector Coordinating Council (ESCC) serves as the
principal liaison between the Federal government and the
electric power sector in coordinating efforts to prepare for
national-level incidents or threats to critical
infrastructure.\7\ The Cybersecurity Risk Information Sharing
Program (CRISP) is a public-private partnership, funded by DOE
and industry. CRISP is managed by the Electricity Information
Sharing and Analysis Center (E-ISAC)\8\ and facilitates the
timely bi-directional sharing of unclassified and classified
threat information with energy sector partners.\9\
---------------------------------------------------------------------------
\7\See Electric Subsector Coordinating Council for further
information.
\8\See Electricity Information Sharing and Analysis Center for
further information.
\9\Department of Energy. Cybersecurity for Critical Energy
Infrastructure.
---------------------------------------------------------------------------
Need for legislation
The Committee finds that section 2 of H.R. 5240 would
facilitate and strengthen public-private partnerships to
promote and advance the physical security and cybersecurity of
electric utilities that have fewer resources due to size or
region. According to the testimony of Undersecretary Mark
Menezes:
The cyber-attacks on the Ukrainian grid underscored
the urgency of the cyber threat to everyone involved in
the protection and operation of the Nation's power
grid. Continuing to build off current work is critical
in mitigating the risks that the electric grid faces.
Sharing and promoting best practices, including
maturity model assessments, physical and cyber risk
assessments, and training are all important components
of this risk mitigation.\10\
---------------------------------------------------------------------------
\10\See Written Testimony of Under Secretary Mark Menezes, U.S.
Department of Energy, Before the Subcommittee on Energy, Committee on
Energy and Commerce, March 14, 2018.
The Edison Electric Institute (EEI), American Public Power
Association (APPA) and the National Rural Electric Cooperatives
Association (NRECA) supported section 2 of H.R. 5240. APPA and
NRECA, in a statement submitted for the hearing record, stated,
``[p]ublic-private partnerships like those between DOE, APPA
and NRECA are vital to help needed resources reach the smaller
utilities in the sector.''\11\
---------------------------------------------------------------------------
\11\See Statement for the Record by the American Public Power
Association (APPA) and the National Rural Electric Cooperative
Association (NRECA) for Subcommittee on Energy,
---------------------------------------------------------------------------
The Committee finds section 3 of H.R. 5240 would help
mitigate against threats and vulnerabilities to electricity
distribution systems by assessing priorities, policies,
procedures, and actions for enhancing the physical and
cybersecurity of electric distribution systems.
The testimony of Scott Aaronson, Vice President, Security
and Preparedness for the Edison Electric Institute supported
this section and stated, ``[t]he number of distribution
assets--including distributed energy resources and customer
devices `behind the meter'--is growing and can impact the
broader electricity system, the security of these
interconnected devices must be considered to prevent
cybersecurity incidents from impacting reliability.''\12\
---------------------------------------------------------------------------
\12\See Written testimony of Mr. Scott Aaronson, Vice President,
Security and Preparedness for the Edison Electric Institute, Before the
Subcommittee on Energy, Committee on Energy and Commerce, March 14,
2018.
---------------------------------------------------------------------------
The Committee finds section 4 of H.R. 5240 would help
improve electric infrastructure resilience by updating a
program that assists grid planners at utilities, government
organizations and other entities with estimating interruption
costs and benefits associated with infrastructure improvements.
According to the testimony of Undersecretary Mark Menezes:
The Interruption Cost Estimate (ICE) Calculator tool,
which was developed by Lawrence Berkley National
Laboratory and Nexant, Inc. and funded by DOE-OE, is
designed for electric reliability planners at
utilities, government organizations, or other entities
that are interested in estimating interruption costs
and/or benefits associated with reliability
improvements in the United States. For any hazard,
including cyber events, the ICE Calculator provides
analytical foundations for reliability
investments.''\13\
---------------------------------------------------------------------------
\13\See Written Testimony of Under Secretary Mark Menezes, U.S.
Department of Energy, Before the Subcommittee on Energy, Committee on
Energy and Commerce, March 14, 2018.
---------------------------------------------------------------------------
COMMITTEE ACTION
On March 14, 2018 the Subcommittee on Energy held a hearing
on H.R. 5240 entitled, ``DOE Modernization: Legislation
Addressing Cybersecurity and Emergency Response.'' The
Subcommittee received testimony from:
Mark Menezes, Under Secretary of Energy,
U.S. Department of Energy;
Scott Aaronson, Vice President, Security and
Preparedness, Edison Electric Institute;
Mark Engels, Senior Enterprise Security
Advisor, Dominion Energy;
Tristan Vance, Director, Office of Energy
Development, State of Indiana on behalf of the National
Association of State Energy Officials;
Zachary Tudor, Associate Laboratory Director
for National and Homeland Security, Idaho National
Laboratory; and,
Kyle Pistor, Vice President of Government
Relations, National Electrical Manufactures
Association.
On April 18, 2018, the Subcommittee on Energy met in open
markup session and forwarded H.R. 5240, without amendment, to
the full Committee by a voice vote.
On May 9, 2018, the full Committee on Energy and Commerce
met in open markup session and ordered H.R. 5240, as amended,
favorably reported to the House by a voice vote.
COMMITTEE VOTES
Clause 3(b) of rule XIII requires the Committee to list the
recorded votes on the motion to report legislation and
amendments thereto. There were no recorded votes taken in
connection with ordering H.R. 5240 reported.
OVERSIGHT FINDINGS AND RECOMMENDATIONS
Pursuant to clause 2(b)(1) of rule X and clause 3(c)(1) of
rule XIII, the Committee held a hearings and made findings that
are reflected in this report.
NEW BUDGET AUTHORITY, ENTITLEMENT AUTHORITY, AND TAX EXPENDITURES
Pursuant to clause 3(c)(2) of rule XIII, the Committee
finds that H.R. 5240 would result in no new or increased budget
authority, entitlement authority, or tax expenditures or
revenues.
CONGRESSIONAL BUDGET OFFICE ESTIMATE
Pursuant to clause 3(c)(3) of rule XIII, the following is
the cost estimate provided by the Congressional Budget Office
pursuant to section 402 of the Congressional Budget Act of
1974:
U.S. Congress,
Congressional Budget Office,
Washington, DC, May 23, 2018.
Hon. Greg Walden,
Chairman, Committee on Energy and Commerce,
House of Representatives, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 5240, the
Enhancing Grid Security through Public-Private Partnerships
Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Megan
Carroll.
Sincerely,
Mark P. Hadley
(For Keith Hall, Director).
Enclosure.
H.R. 5240--Enhancing Grid Security through Public-Private Partnerships
Act
H.R. 5240 would direct the Department of Energy (DOE) to
establish a program to promote collaborative efforts--among
federal, state, and private stakeholders of the electricity
sector--to assess and improve the physical security and
cybersecurity of electric utilities. The bill would authorize
DOE to provide guidance, training, and technical assistance to
utilities and specify other reporting and administrative
requirements.
Using information from DOE, CBO estimates that enacting
H.R. 5240 would not significantly affect the federal budget.
The activities authorized by the bill are largely consistent
with DOE's existing efforts related to the security of the
energy infrastructure. As a result, CBO expects that any
changes in federal spending under the bill--which would be
subject to appropriation--would be small.
H.R. 5240 would not affect direct spending or revenues;
therefore, pay-as-you-go procedures do not apply.
CBO estimates that enacting H.R. 5240 would not affect
direct spending or on-budget deficits in any of the four
consecutive 10-year periods beginning in 2029.
H.R. 5240 would impose an intergovernmental mandate, as
defined in the Unfunded Mandates Reform Act (UMRA), by
preempting state, local, and tribal laws that could otherwise
cause government agencies to disclose information collected by
DOE under the bill, such as plans to enhance cybersecurity.
Although the preemption would limit the application of state,
local, and tribal laws, CBO estimates that it would impose no
duty on those governments that would result in additional
spending or a loss of revenue.
H.R. 5240 contains no private-sector mandates as defined in
UMRA.
The CBO staff contacts for this estimate are Megan Carroll
(for federal costs) and Jon Sperl (for mandates). The estimate
was reviewed by H. Samuel Papenfuss, Deputy Assistant Director
for Budget Analysis.
FEDERAL MANDATES STATEMENT
The Committee adopts as its own the estimate of Federal
mandates prepared by the Director of the Congressional Budget
Office pursuant to section 423 of the Unfunded Mandates Reform
Act.
STATEMENT OF GENERAL PERFORMANCE GOALS AND OBJECTIVES
Pursuant to clause 3(c)(4) of rule XIII, the general
performance goal or objective of this legislation is to provide
programs and developments in the Department of Energy
concerning the cybersecurity and vulnerabilities of, and
physical threats to, the electric grid, and for other purposes.
DUPLICATION OF FEDERAL PROGRAMS
Pursuant to clause 3(c)(5) of rule XIII, no provision of
H.R. 5240 is known to be duplicative of another Federal
program, including any program that was included in a report to
Congress pursuant to section 21 of Public Law 111-139 or the
most recent Catalog of Federal Domestic Assistance.
COMMITTEE COST ESTIMATE
Pursuant to clause 3(d)(1) of rule XIII, the Committee
adopts as its own the cost estimate prepared by the Director of
the Congressional Budget Office pursuant to section 402 of the
Congressional Budget Act of 1974.
EARMARK, LIMITED TAX BENEFITS, AND LIMITED TARIFF BENEFITS
Pursuant to clause 9(e), 9(f), and 9(g) of rule XXI, the
Committee finds that H.R. 5240 contains no earmarks, limited
tax benefits, or limited tariff benefits.
DISCLOSURE OF DIRECTED RULE MAKINGS
Pursuant to section 3(i) of H. Res. 5, the Committee finds
that H.R. 5240 contains no directed rule makings.
ADVISORY COMMITTEE STATEMENT
No advisory committees within the meaning of section 5(b)
of the Federal Advisory Committee Act were created by this
legislation.
APPLICABILITY TO LEGISLATIVE BRANCH
The Committee finds that the legislation does not relate to
the terms and conditions of employment or access to public
services or accommodations within the meaning of section
102(b)(3) of the Congressional Accountability Act.
SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION
Section 1. Short title
This section provides the short title of ``Enhancing Grid
Security through Public-Private Partnerships Act of 2018.''
Section 2. Program to promote and advance physical security and
cybersecurity of electric utilities
The Secretary of Energy, in consultation with State
regulatory authorities, industry stakeholders, and other
Federal agencies the Secretary determines appropriate, shall
carry out a program to (1) develop, and provide for voluntary
implementation of, maturity models, self-assessments, and
auditing methods for assessing the physical security and
cybersecurity of electric utilities; (2) provide training and
technical assistance to electric utilities to address and
mitigate cybersecurity supply chain management risks; (3)
increase opportunities for sharing best practices and data
collection within the electric sector; (4) assist with
cybersecurity training for electric utilities; (5) advance the
cybersecurity of third-party vendors that work in partnerships
with electric utilities; and (6) provide technical assistance
for electric utilities subject to the program.
Section 2(b) states that in carrying out the program under
section 2(a), the Secretary of Energy shall (1) take into
consideration different sizes of electric utilities and the
regions that such electric utilities serve; (2) prioritize
electric utilities with fewer available resources due to size
or region; and, (3) to the extent practicable, utilize and
leverage existing Department of Energy programs.
Section 2(c) states that information provided to, or
collected by, the Federal government pursuant to this section,
(1) shall be exempt from disclosure under section 552(b)(3) of
title 5, United States Code; and (2) shall not be made
available by any Federal, State, political subdivision, or
tribal law requiring disclosure of information or records.
Section 3. Report on cybersecurity and distribution systems
Section 3(a) directs the Secretary of Energy, in
consultation with State regulatory authorities, industry
stakeholders, and other Federal agencies the Secretary
determines appropriate, shall submit to Congress a report that
assesses (1) priorities, policies, procedures, and actions for
enhancing the physical security and cybersecurity of
electricity distribution systems to address threats to, and
vulnerabilities of, such electricity distribution systems.
Section 3(a)(2) further clarifies that this report will assess
implementation of such priorities, policies, procedures, and
actions, including an estimate of potential costs and benefits
of such implementation, including any public-private cost-
sharing opportunities.
Section 3(b) states that information provided to, or
collected by, the Federal government pursuant to this section,
(1) shall be exempt from disclosure under section 552(b)(3) of
title 5, United States Code; and (2) shall not be made
available by any Federal, State, political subdivision, or
tribal law requiring disclosure of information or records.
Section 4. Electricity interruption information
Section 4(a) directs that the Secretary of Energy, in
consultation with the Federal Energy Regulatory Commission,
State regulatory authorities, industry stakeholders, and other
Federal agencies the Secretary determines appropriate, shall
update the Interruption Cost Estimate Calculator, as often as
appropriate and feasible, but not less than once every 2 years.
Section 4(b) instructs that the Secretary of Energy, in
consultation with the Federal Energy Regulatory Commission,
State regulatory authorities, industry stakeholders, and other
Federal agencies the Secretary determines appropriate, shall,
as often as appropriate and feasible, update the following: (1)
The System Average Interruption Duration Index, (2) The System
Average Interruption Frequency Index, and (3) The Customer
Average Interruption Index.
Section 4(c) directs the Administrator of the Energy
Information Administration to collect information on
electricity interruption costs, if available, from a
representative sample of owners of electric grid assets through
biennial survey.
Section 5. Definitions
For this legislation the term ``electric utility'' has the
meaning given such term in section 3 of the Federal Power Act
(16 U.S.C. 796). The term ``State regulatory authority'' has
the meaning given such term in section 3 of the Federal Power
Act (16 U.S.C. 796).
CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED
This legislation does not amend any existing Federal
statute.
[all]