
	

114 HR 2402 IH: Protecting Critical Infrastructure Act
U.S. House of Representatives
2015-05-18
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



		I
		114th CONGRESS
		1st Session
		H. R. 2402
		IN THE HOUSE OF REPRESENTATIVES
		
			May 18, 2015
			Ms. Lofgren (for herself and Mr. Gowdy) introduced the following bill; which was referred to the Committee on Energy and Commerce
		
		A BILL
		To amend the Federal Power Act to prohibit the public disclosure of protected information, and for
			 other purposes.
	
	
 1.Short titleThis Act may be cited as the Protecting Critical Infrastructure Act. 2.Protection of information (a)In generalPart II of the Federal Power Act (16 U.S.C. 824 et seq.) is amended by adding after section 215 the following new section:
				
					215A.Protection of information
						(a)Protection of information
 (1)Prohibition of public disclosure of protected electric security informationProtected electric security information— (A)shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and
 (B)shall not be made available by any State, local, or tribal authority pursuant to any State, local, or tribal law requiring disclosure of information or records.
								(2)Information sharing
 (A)In generalThe Commission shall promulgate such regulations and issue such orders as necessary to designate protected electric security information and to prohibit the unauthorized disclosure of such protected electric security information.
 (B)Sharing of protected electric security informationThe regulations promulgated and orders issued pursuant to subparagraph (A) shall provide standards for and authorize the appropriate voluntary sharing of protected electric security information with, between, and by Federal, State, local, and tribal authorities, the Electric Reliability Organization, regional entities, Information Sharing and Analysis Centers established pursuant to Presidential Decision Directive 63, owners, operators, and users of the bulk-power system in the United States, and other entities determined appropriate by the Commission. In promulgating such regulations and issuing such orders, the Commission shall take account of the role of State commissions in reviewing the prudence and cost of investments, determining the rates and terms of conditions for electric services, and ensuring the safety and reliability of the bulk-power system and distribution facilities within their respective jurisdictions. In promulgating such regulations and issuing such orders, the Commission may take into consideration the Controlled Unclassified Information framework established by the President. The Commission shall consult, as appropriate, with Canadian and Mexican authorities to develop protocols for the voluntary sharing of protected electric security information with, between, and by appropriate Canadian and Mexican authorities and owners, operators, and users of the bulk-power system outside the United States.
 (3)No required sharing of informationNothing in this section shall require a person or entity in possession of protected electric security information to share such information with Federal, State, local, or tribal authorities, or any other person or entity.
 (4)Submission of information to CongressNothing in this section shall permit or authorize the withholding of information from Congress, any committee or subcommittee thereof, or the Comptroller General.
 (5)Disclosure of non-protected informationIn implementing this section, the Commission shall protect from disclosure only the minimum amount of information necessary to protect the security and reliability of the bulk-power system and distribution facilities. The Commission shall segregate protected electric security information within documents and electronic communications, wherever feasible, to facilitate disclosure of information that is not designated as protected electric security information.
 (6)Duration of designationInformation may not be designated as protected electric security information for longer than 5 years, unless specifically redesignated by the Commission.
 (7)Removal of designationThe Commission shall remove the designation of protected electric security information, in whole or in part, from a document or electronic communication if the Commission determines that the unauthorized disclosure of such information could no longer be used to impair the security or reliability of the bulk-power system or distribution facilities.
 (8)Judicial review of designationsNotwithstanding section 313(b), any determination by the Commission concerning the designation of protected electric security information under this subsection shall be subject to review under chapter 7 of title 5, except that such review shall be brought in the district court of the United States in the district in which the complainant resides, or has his principal place of business, or in the District of Columbia. In such a case the court shall examine in camera the contents of documents or electronic communications that are the subject of the determination under review to determine whether such documents or any part thereof were improperly designated or not designated as protected electric security information.
 (b)DefinitionsFor purposes of this section: (1)Bulk-power system; electric Reliability Organization; regional entityThe terms bulk-power system, Electric Reliability Organization, and regional entity have the meanings given such terms in section 215.
 (2)Distribution facilitiesThe term distribution facilities means facilities used in the local distribution of electric energy. (3)Electromagnetic pulseThe term electromagnetic pulse means one or more pulses of electromagnetic energy emitted by a device capable of disabling, disrupting, or destroying electronic equipment by means of such a pulse.
 (4)Grid security threatThe term grid security threat means a substantial likelihood of— (A) (i)a malicious act using electronic communication or an electromagnetic pulse that could disrupt the operation of those electronic devices or communications networks, including hardware, software, and data, that are essential to the security or reliability of the bulk-power system; and
 (ii)disruption of the operation of such devices or networks, with significant adverse effects on the security or reliability of the bulk-power system, as a result of such act or event; or
									(B)
 (i)a direct physical attack on, or intentional interference with, the bulk-power system; and (ii)significant adverse effects on the security or reliability of the bulk-power system as a result of such physical attack or interference.
 (5)Grid security vulnerabilityThe term grid security vulnerability means a weakness in the bulk-power system that, in the event of— (A)a malicious act using electronic communication or an electromagnetic pulse, would pose a substantial risk of disruption to the operation of those electronic devices or communications networks, including hardware, software, data, and facilities, that are essential to the security or reliability of the bulk-power system; or
 (B)a direct physical attack, or intentional interference with, the bulk-power system, would pose a substantial risk of significant adverse effects on the security or reliability of the bulk-power system.
 (6)Protected electric security informationThe term protected electric security information— (A)means information generated by or provided to the Commission, other than classified national security information, that is designated as protected electric security information by the Commission under subsection (a)(2)—
 (i)that specifically discusses or identifies grid security threats, grid security vulnerabilities, or plans, procedures, or measures to address such threats or vulnerabilities; and
 (ii)the unauthorized disclosure of which could be used in a malicious manner to impair, attack, or interfere with the security or reliability of the bulk-power system or distribution facilities; and
 (B)includes data, modeling, or representations related to grid security that could be used to generate information described in subparagraph (A).
 (7)SecurityThe definition of security in section 3(16) shall not apply to the provisions in this section.. (b)Conforming amendments (1)JurisdictionSection 201(b)(2) of the Federal Power Act (16 U.S.C. 824(b)(2)) is amended by inserting 215A, after 215, each place it appears.
 (2)Public utilitySection 201(e) of the Federal Power Act (16 U.S.C. 824(e)) is amended by inserting 215A, after 215,.  