117 HR 2928 RH: Cyber Sense Act of 2021 U.S. House of Representatives 2021-07-19 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

IB Union Calendar No. 66 117th CONGRESS1st Session H. R. 2928 [Report No. 117–92] IN THE HOUSE OF REPRESENTATIVES April 30, 2021 Mr. Latta (for himself and Mr. McNerney) introduced the following bill; which was referred to the Committee on Energy and Commerce July 19, 2021 Additional sponsors: Mr. Burgess, Mr. Bucshon, Mrs. Lesko, Mr. Keller, Mr. McKinley, Ms. Kuster, Mr. Michael F. Doyle of Pennsylvania, Mr. Soto, Ms. Spanberger, Mr. Delgado, Mr. Crow, and Mr. Davidson July 19, 2021 Reported from the Committee on Energy and Commerce; committed to the Committee of the Whole House on the State of the Union and ordered to be printed A BILL To require the Secretary of Energy to establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system, and for other purposes.

1.

Short title

This Act may be cited as the Cyber Sense Act of 2021.

2.

Cyber Sense

(a)

In general

The Secretary of Energy, in coordination with relevant Federal agencies, shall establish a voluntary Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system, as defined in section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)). (b)

Program requirements

In carrying out subsection (a), the Secretary of Energy shall— (1)establish a testing process under the Cyber Sense program to test the cybersecurity of products and technologies intended for use in the bulk-power system, including products relating to industrial control systems and operational technologies, such as supervisory control and data acquisition systems; (2)for products and technologies tested under the Cyber Sense program, establish and maintain cybersecurity vulnerability reporting processes and a related database; (3)provide technical assistance to electric utilities, product manufacturers, and other electricity sector stakeholders to develop solutions to mitigate identified cybersecurity vulnerabilities in products and technologies tested under the Cyber Sense program; (4)biennially review products and technologies tested under the Cyber Sense program for cybersecurity vulnerabilities and provide analysis with respect to how such products and technologies respond to and mitigate cyber threats; (5)develop guidance, that is informed by analysis and testing results under the Cyber Sense program, for electric utilities for procurement of products and technologies; (6)provide reasonable notice to the public, and solicit comments from the public, prior to establishing or revising the testing process under the Cyber Sense program; (7)oversee testing of products and technologies under the Cyber Sense program; and (8)consider incentives to encourage the use of analysis and results of testing under the Cyber Sense program in the design of products and technologies for use in the bulk-power system. (c)

Disclosure of information

Any cybersecurity vulnerability reported pursuant to a process established under subsection (b)(2), the disclosure of which the Secretary of Energy reasonably foresees would cause harm to critical electric infrastructure (as defined in section 215A of the Federal Power Act), shall be deemed to be critical electric infrastructure information for purposes of section 215A(d) of the Federal Power Act. (d)

Federal Government liability

Nothing in this section shall be construed to authorize the commencement of an action against the United States Government with respect to the testing of a product or technology under the Cyber Sense program.

July 19, 2021 Committed to the Committee of the Whole House on the State of the Union and ordered to be printed