119 S1902 IS: Energy Threat Analysis Program Act of 2025
U.S. Senate
2025-05-22
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Energy Threat Analysis Program Act of 2025
or the ETAP Act of 2025
. 2.In this Act:
(1)The term Department
means the Department of Energy. (2)The term Program
means the energy threat analysis program established under section 3.
(3)The term Secretary
means the Secretary of Energy. 3.Energy Threat Analysis Program (a)As part of the program developed under section 40125(c) of the Infrastructure Investment and Jobs Act (42 U.S.C. 18724(c)), the Secretary shall establish an energy threat analysis program—
(1)under which the Office of Cybersecurity, Energy Security, and Emergency Response, in consultation with the Office of Intelligence and Counterintelligence, may establish, for activities of the program to advance public-private operational collaboration— (A)an Energy Threat Analysis Center as a physical location; and
(B)any other additional facilities, as necessary; (2)to enhance situational awareness of threats to the security of the energy sector;
(3)to analyze threats against the security of the energy sector; (4)to identify relevant security threat mitigation measures for energy systems;
(5)to support relevant response and restoration activities for the energy sector under existing constructs; (6)to inform research and development activities in support of the security of critical energy systems, technologies, and components;
(7)to conduct other security and resilience efforts identified by the Secretary; (8)to enhance and periodically test the emergency response capabilities of the Department;
(9) to expand cooperation of the Department with the intelligence community for energy sector-related threat collection and analysis; (10)to enhance the tools of the Department and the Electricity Information Sharing and Analysis Center for monitoring the status of the energy sector; and
(11)to expand industry participation in the Electricity Information Sharing and Analysis Center. (b)The Program shall be—
(1)directed by the Secretary; (2)managed by the Office of Cybersecurity, Energy Security, and Emergency Response; and
(3)supported by the Office of Intelligence and Counterintelligence. (c)The functions of the Program shall include—
(1)supporting public-private operational collaboration for the government and industry— (A)to develop actionable operational information relating to threats to the security of the energy sector; and
(B)to develop and offer meaningful threat mitigation advice and actions to enhance— (i)the defense of, and response to security threats to, the energy sector; and
(ii)the resilience of the United States energy sector; (2)enabling collaboration in the production and exchange of information on threat activity among government and industry to address energy security and resilience and shared energy sector security threats relating to national security, public health, safety, and the economy;
(3)improving detailed understanding of national security risks associated with the energy sector that are or could be exploited by adversaries, including nation-states; (4)achieving a deeper understanding of the tactics, capabilities, and activities of threat actors that have the potential to impact systemic risks to the energy sector; and
(5)facilitating increased collaboration between government and industry, including the sharing of information regarding actual acute threat activity, including incidents, in a secure setting, physical and virtual, to facilitate the energy security and resilience of the United States. (d)Coordination and integrationIn carrying out the responsibilities of the Program, the Program shall—
(1)align priorities of and enable support from— (A)the Department of Homeland Security, including the Cybersecurity and Infrastructure Security Agency;
(B)the Department of Defense, including United States Cyber Command, the National Security Agency, and the Army Interagency Training and Education Center of the National Guard Bureau; (C)the Department of Justice, including the Federal Bureau of Investigation;
(D)the Office of the Director of National Intelligence; and (E)other Federal agencies and departments, as determined by the Secretary;
(2)ensure that the processes used by the Program are performed in collaboration with the activities of the Department of Homeland Security and the Department of Defense relating to cybersecurity, including— (A)the Joint Cyber Defense Collaborative of the Cybersecurity and Infrastructure Security Agency; and
(B)the Cybersecurity Collaboration Center and Enduring Security Framework of the National Security Agency; (3)regularly consult with appropriate representatives of non-Federal entities, such as—
(A) State, local, federally recognized Tribal, and territorial governments; (B)information sharing and analysis organizations, including information sharing and analysis centers such as the Electricity Information Sharing and Analysis Center; and
(C)other appropriate representatives or entities, including private entities, such as manufacturers and vendors, that contribute to the energy sector, as determined by the Secretary; (4)leverage the existing capabilities and services of advanced technology providers, including—
(A)National Laboratories with relevant capabilities; (B)commercial threat intelligence production and cyber incident response entities; and
(C)energy infrastructure vendors and integrators; and (5)as appropriate, protect information submitted to and shared by the Program consistent with applicable laws, regulations, policies, and procedures.
(e)
(1)The provision of assistance or information to governmental or private entities under this section shall be at the sole and unreviewable discretion of the Secretary. (2)Certain assistance or informationThe provision of certain assistance or information to a governmental or private entity pursuant to this section shall not create a right or benefit, substantive or procedural, for any other governmental or private entity to similar assistance or information.
(f)No entity of concern (as defined in section 10114(a) of the Research and Development, Competition, and Innovation Act (42 U.S.C. 18912(a))) shall participate in any manner in carrying out the functions of the Program. (g)The Program shall terminate on the date that is 10 years after the date of enactment of this Act.
(h)The Program shall be exempt from complying with the requirements of chapter 10 of title 5, United States Code (including regulations). (i)Exemption from disclosureInformation shared by or with the Federal Government or a State, Tribal, or local government under this Act shall be—
(1)deemed to be voluntarily shared information; (2)exempt from disclosure under section 552 of title 5, United States Code, or any provision of any State, Tribal, or local freedom of information law, open government law, open meetings law, open records law, sunshine law, or similar law requiring the disclosure of information or records; and
(3)withheld from the public, without discretion, under section 552(b)(3) of title 5, United States Code, or any provision of any State, Tribal, or local law requiring the nondisclosure of sensitive information or records. (j)The Secretary shall submit to Congress an annual report that describes, for the year covered by the report—
(1)the achievements of the Program; and (2)areas for improvement with respect to the activities and operations of the Program.
(k)Authorization of appropriationsThere is authorized to be appropriated to the Secretary to carry out this section $50,000,000 for the period of fiscal years 2025 through 2029.