[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 1241 Introduced in Senate (IS)]

114th CONGRESS
  1st Session
                                S. 1241

   To provide for the modernization, security, and resiliency of the 
electric grid, to require the Secretary of Energy to carry out programs 
 for research, development, demonstration, and information-sharing for 
      cybersecurity for the energy sector, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                              May 7, 2015

 Ms. Cantwell introduced the following bill; which was read twice and 
       referred to the Committee on Energy and Natural Resources

_______________________________________________________________________

                                 A BILL


 
   To provide for the modernization, security, and resiliency of the 
electric grid, to require the Secretary of Energy to carry out programs 
 for research, development, demonstration, and information-sharing for 
      cybersecurity for the energy sector, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Enhanced Grid Security Act of 
2015''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Department.--The term ``Department'' means the 
        Department of Energy.
            (2) Electric utility.--The term ``electric utility'' has 
        the meaning given the term in section 3 of the Federal Power 
        Act (16 U.S.C. 796).
            (3) ES-ISAC.--The term ``ES-ISAC'' means the Electricity 
        Sector Information Sharing and Analysis Center.
            (4) National laboratory.--The term ``National Laboratory'' 
        has the meaning given the term in section 2 of the Energy 
        Policy Act of 2005 (42 U.S.C. 15801).
            (5) Secretary.--The term ``Secretary'' means the Secretary 
        of Energy.
            (6) Sector-specific agency.--The term ``Sector-Specific 
        Agency'' has the meaning given the term in the Presidential 
        policy directive entitled ``Critical Infrastructure Security 
        and Resilience'', numbered 21, and dated February 12, 2013.

SEC. 3. DESIGNATION OF DEPARTMENT OF ENERGY AS SECTOR-SPECIFIC AGENCY 
              FOR CYBERSECURITY FOR THE ENERGY SECTOR.

    In accordance with the Presidential policy directive entitled 
``Critical Infrastructure Security and Resilience'', numbered 21, and 
dated February 12, 2013, and this Act, the Department shall be the lead 
Sector-Specific Agency for cybersecurity for the energy sector.

SEC. 4. CYBERSECURITY FOR THE ENERGY SECTOR RESEARCH, DEVELOPMENT, AND 
              DEMONSTRATION PROGRAM.

    The Secretary, in consultation with appropriate Federal agencies, 
the energy sector, the States, and other stakeholders, shall carry out 
a program--
            (1) to develop advanced cybersecurity applications and 
        technologies for the energy sector--
                    (A) to identify and mitigate vulnerabilities, 
                including--
                            (i) dependencies on other critical 
                        infrastructure; and
                            (ii) impacts from weather, climate change, 
                        and fuel supply; and
                    (B) to advance the security of field devices and 
                third-party control systems, including--
                            (i) systems for generation, transmission, 
                        distribution, end use, and market functions;
                            (ii) specific electric grid elements 
                        including advanced metering, demand response, 
                        distributed generation, and electricity 
                        storage;
                            (iii) forensic analysis of infected 
                        systems; and
                            (iv) secure communications;
            (2) to leverage electric grid architecture as a means to 
        assess risks to the energy sector, including by implementing an 
        all-hazards approach to communications infrastructure, control 
        systems architecture, and power systems architecture;
            (3) to perform pilot demonstration projects with the energy 
        sector to gain experience with new technologies; and
            (4) to develop workforce development curricula for energy 
        sector-related cybersecurity.

SEC. 5. ENERGY SECTOR COMPONENT TESTING FOR CYBERRESILIENCE PROGRAM.

    The Secretary shall carry out a program--
            (1) to establish a cybertesting and mitigation program to 
        identify vulnerabilities of energy sector supply chain products 
        to known threats;
            (2) to oversee third-party cybertesting; and
            (3) to develop procurement guidelines for energy sector 
        supply chain components.

SEC. 6. ENERGY SECTOR OPERATIONAL SUPPORT FOR CYBERRESILIENCE PROGRAM.

    The Secretary shall carry out a program--
            (1) to enhance and periodically test--
                    (A) the emergency response capabilities of the 
                Department; and
                    (B) the coordination of the Department with other 
                agencies, the National Laboratories, and private 
                industry;
            (2) to expand cooperation of the Department with the 
        intelligence communities for energy sector-related threat 
        collection and analysis;
            (3) to enhance the tools of the Department and ES-ISAC for 
        monitoring the status of the energy sector;
            (4) to expand industry participation in ES-ISAC; and
            (5) to provide technical assistance to small electric 
        utilities for purposes of assessing cybermaturity posture.

SEC. 7. MODELING AND ASSESSING ENERGY INFRASTRUCTURE RISK.

    (a) In General.--The Secretary shall develop an advanced energy 
security program to secure energy networks, including electric, natural 
gas, and oil exploration, transmission, and delivery.
    (b) Security and Resiliency Objective.--The objective of the 
program developed under subsection (a) is to increase the functional 
preservation of the electric grid operations or natural gas and oil 
operations in the face of natural and human-made threats and hazards, 
including electric magnetic pulse and geomagnetic disturbances.
    (c) Eligible Activities.--In carrying out the program developed 
under subsection (a), the Secretary may--
            (1) develop capabilities to identify vulnerabilities and 
        critical components that pose major risks to grid security if 
        destroyed or impaired;
            (2) provide modeling at the national level to predict 
        impacts from natural or human-made events;
            (3) develop a maturity model for physical security and 
        cybersecurity;
            (4) conduct exercises and assessments to identify and 
        mitigate vulnerabilities to the electric grid, including 
        providing mitigation recommendations;
            (5) conduct research hardening solutions for critical 
        components of the electric grid;
            (6) conduct research mitigation and recovery solutions for 
        critical components of the electric grid; and
            (7) provide technical assistance to States and other 
        entities for standards and risk analysis.

SEC. 8. LEVERAGING EXISTING PROGRAMS.

    The programs established under this Act shall be carried out 
consistent with--
            (1) the report of the Department entitled ``Roadmap to 
        Achieve Energy Delivery Systems Cybersecurity'' and dated 2011;
            (2) existing programs of the Department; and
            (3) any associated strategic framework that links together 
        academic and National Laboratory researchers, electric 
        utilities, manufacturers, and any other relevant private 
        industry organizations.

SEC. 9. STUDY.

    (a) In General.--Not later than 180 days after the date of 
enactment of this Act, the Secretary, in consultation with the Federal 
Energy Regulatory Commission and the North American Electric 
Reliability Corporation, shall conduct a study to explore alternative 
management structures and funding mechanisms to expand industry 
membership and participation in ES-ISAC.
    (b) Report.--The Secretary shall submit to the appropriate 
committees of Congress a report describing the results of the study 
conducted under subsection (a).

SEC. 10. AUTHORIZATION OF APPROPRIATIONS.

    There is authorized to be appropriated to carry out this Act 
$100,000,000 for each of fiscal years 2017 through 2022.
                                 <all>