[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2402 Introduced in House (IH)]

114th CONGRESS
  1st Session
                                H. R. 2402

  To amend the Federal Power Act to prohibit the public disclosure of 
             protected information, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 18, 2015

Ms. Lofgren (for herself and Mr. Gowdy) introduced the following bill; 
       which was referred to the Committee on Energy and Commerce

_______________________________________________________________________

                                 A BILL


 
  To amend the Federal Power Act to prohibit the public disclosure of 
             protected information, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Protecting Critical Infrastructure 
Act''.

SEC. 2. PROTECTION OF INFORMATION.

    (a) In General.--Part II of the Federal Power Act (16 U.S.C. 824 et 
seq.) is amended by adding after section 215 the following new section:

``SEC. 215A. PROTECTION OF INFORMATION.

    ``(a) Protection of Information.--
            ``(1) Prohibition of public disclosure of protected 
        electric security information.--Protected electric security 
        information--
                    ``(A) shall be exempt from disclosure under section 
                552(b)(3) of title 5, United States Code; and
                    ``(B) shall not be made available by any State, 
                local, or tribal authority pursuant to any State, 
                local, or tribal law requiring disclosure of 
                information or records.
            ``(2) Information sharing.--
                    ``(A) In general.--The Commission shall promulgate 
                such regulations and issue such orders as necessary to 
                designate protected electric security information and 
                to prohibit the unauthorized disclosure of such 
                protected electric security information.
                    ``(B) Sharing of protected electric security 
                information.--The regulations promulgated and orders 
                issued pursuant to subparagraph (A) shall provide 
                standards for and authorize the appropriate voluntary 
                sharing of protected electric security information 
                with, between, and by Federal, State, local, and tribal 
                authorities, the Electric Reliability Organization, 
                regional entities, Information Sharing and Analysis 
                Centers established pursuant to Presidential Decision 
                Directive 63, owners, operators, and users of the bulk-
                power system in the United States, and other entities 
                determined appropriate by the Commission. In 
                promulgating such regulations and issuing such orders, 
                the Commission shall take account of the role of State 
                commissions in reviewing the prudence and cost of 
                investments, determining the rates and terms of 
                conditions for electric services, and ensuring the 
                safety and reliability of the bulk-power system and 
                distribution facilities within their respective 
                jurisdictions. In promulgating such regulations and 
                issuing such orders, the Commission may take into 
                consideration the Controlled Unclassified Information 
                framework established by the President. The Commission 
                shall consult, as appropriate, with Canadian and 
                Mexican authorities to develop protocols for the 
                voluntary sharing of protected electric security 
                information with, between, and by appropriate Canadian 
                and Mexican authorities and owners, operators, and 
                users of the bulk-power system outside the United 
                States.
            ``(3) No required sharing of information.--Nothing in this 
        section shall require a person or entity in possession of 
        protected electric security information to share such 
        information with Federal, State, local, or tribal authorities, 
        or any other person or entity.
            ``(4) Submission of information to congress.--Nothing in 
        this section shall permit or authorize the withholding of 
        information from Congress, any committee or subcommittee 
        thereof, or the Comptroller General.
            ``(5) Disclosure of non-protected information.--In 
        implementing this section, the Commission shall protect from 
        disclosure only the minimum amount of information necessary to 
        protect the security and reliability of the bulk-power system 
        and distribution facilities. The Commission shall segregate 
        protected electric security information within documents and 
        electronic communications, wherever feasible, to facilitate 
        disclosure of information that is not designated as protected 
        electric security information.
            ``(6) Duration of designation.--Information may not be 
        designated as protected electric security information for 
        longer than 5 years, unless specifically redesignated by the 
        Commission.
            ``(7) Removal of designation.--The Commission shall remove 
        the designation of protected electric security information, in 
        whole or in part, from a document or electronic communication 
        if the Commission determines that the unauthorized disclosure 
        of such information could no longer be used to impair the 
        security or reliability of the bulk-power system or 
        distribution facilities.
            ``(8) Judicial review of designations.--Notwithstanding 
        section 313(b), any determination by the Commission concerning 
        the designation of protected electric security information 
        under this subsection shall be subject to review under chapter 
        7 of title 5, except that such review shall be brought in the 
        district court of the United States in the district in which 
        the complainant resides, or has his principal place of 
        business, or in the District of Columbia. In such a case the 
        court shall examine in camera the contents of documents or 
        electronic communications that are the subject of the 
        determination under review to determine whether such documents 
        or any part thereof were improperly designated or not 
        designated as protected electric security information.
    ``(b) Definitions.--For purposes of this section:
            ``(1) Bulk-power system; electric reliability organization; 
        regional entity.--The terms `bulk-power system', `Electric 
        Reliability Organization', and `regional entity' have the 
        meanings given such terms in section 215.
            ``(2) Distribution facilities.--The term `distribution 
        facilities' means facilities used in the local distribution of 
        electric energy.
            ``(3) Electromagnetic pulse.--The term `electromagnetic 
        pulse' means one or more pulses of electromagnetic energy 
        emitted by a device capable of disabling, disrupting, or 
        destroying electronic equipment by means of such a pulse.
            ``(4) Grid security threat.--The term `grid security 
        threat' means a substantial likelihood of--
                    ``(A)(i) a malicious act using electronic 
                communication or an electromagnetic pulse that could 
                disrupt the operation of those electronic devices or 
                communications networks, including hardware, software, 
                and data, that are essential to the security or 
                reliability of the bulk-power system; and
                    ``(ii) disruption of the operation of such devices 
                or networks, with significant adverse effects on the 
                security or reliability of the bulk-power system, as a 
                result of such act or event; or
                    ``(B)(i) a direct physical attack on, or 
                intentional interference with, the bulk-power system; 
                and
                    ``(ii) significant adverse effects on the security 
                or reliability of the bulk-power system as a result of 
                such physical attack or interference.
            ``(5) Grid security vulnerability.--The term `grid security 
        vulnerability' means a weakness in the bulk-power system that, 
        in the event of--
                    ``(A) a malicious act using electronic 
                communication or an electromagnetic pulse, would pose a 
                substantial risk of disruption to the operation of 
                those electronic devices or communications networks, 
                including hardware, software, data, and facilities, 
                that are essential to the security or reliability of 
                the bulk-power system; or
                    ``(B) a direct physical attack, or intentional 
                interference with, the bulk-power system, would pose a 
                substantial risk of significant adverse effects on the 
                security or reliability of the bulk-power system.
            ``(6) Protected electric security information.--The term 
        `protected electric security information'--
                    ``(A) means information generated by or provided to 
                the Commission, other than classified national security 
                information, that is designated as protected electric 
                security information by the Commission under subsection 
                (a)(2)--
                            ``(i) that specifically discusses or 
                        identifies grid security threats, grid security 
                        vulnerabilities, or plans, procedures, or 
                        measures to address such threats or 
                        vulnerabilities; and
                            ``(ii) the unauthorized disclosure of which 
                        could be used in a malicious manner to impair, 
                        attack, or interfere with the security or 
                        reliability of the bulk-power system or 
                        distribution facilities; and
                    ``(B) includes data, modeling, or representations 
                related to grid security that could be used to generate 
                information described in subparagraph (A).
            ``(7) Security.--The definition of `security' in section 
        3(16) shall not apply to the provisions in this section.''.
    (b) Conforming Amendments.--
            (1) Jurisdiction.--Section 201(b)(2) of the Federal Power 
        Act (16 U.S.C. 824(b)(2)) is amended by inserting ``215A,'' 
        after ``215,'' each place it appears.
            (2) Public utility.--Section 201(e) of the Federal Power 
        Act (16 U.S.C. 824(e)) is amended by inserting ``215A,'' after 
        ``215,''.
                                 <all>