
	

114 S1241 IS: Enhanced Grid Security Act of 2015
U.S. Senate
2015-05-07
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



		II
		114th CONGRESS1st Session
		S. 1241
		IN THE SENATE OF THE UNITED STATES
		
			May 7, 2015
			Ms. Cantwell introduced the following bill; which was read twice and referred to the Committee on Energy and Natural Resources
		
		A BILL
		To provide for the modernization, security, and resiliency of the electric grid, to require the
			 Secretary of Energy to carry out programs for research, development,
			 demonstration,
			 and information-sharing for cybersecurity for the energy sector, and for
			 other purposes.
	
	
		1.Short title
 This Act may be cited as the Enhanced Grid Security Act of 2015.
 2.DefinitionsIn this Act: (1)DepartmentThe term Department means the Department of Energy.
 (2)Electric utilityThe term electric utility has the meaning given the term in section 3 of the Federal Power Act (16 U.S.C. 796). (3)ES-ISACThe term ES-ISAC means the Electricity Sector Information Sharing and Analysis Center.
			(4)National
 LaboratoryThe term National Laboratory has the meaning given the term in section 2 of the Energy Policy Act of 2005 (42 U.S.C. 15801).
 (5)SecretaryThe term Secretary means the Secretary of Energy. (6)Sector-Specific AgencyThe term Sector-Specific Agency has the meaning given the term in the Presidential policy directive entitled Critical Infrastructure Security and Resilience, numbered 21, and dated February 12, 2013.
			3.Designation of Department of Energy as Sector-Specific Agency for cybersecurity for the energy
 sectorIn accordance with the Presidential policy directive entitled Critical Infrastructure Security and Resilience, numbered 21, and dated February 12, 2013, and this Act, the Department shall be the lead Sector-Specific Agency for cybersecurity for the energy sector.
 4.Cybersecurity for the energy sector research, development, and demonstration programThe Secretary, in consultation with appropriate Federal agencies, the energy sector, the States, and other stakeholders, shall carry out a program—
 (1)to develop advanced cybersecurity applications and technologies for the energy sector— (A)to identify and mitigate vulnerabilities, including—
 (i)dependencies on other critical infrastructure; and (ii)impacts from weather, climate change, and fuel supply; and
 (B)to advance the security of field devices and third-party control systems, including— (i)systems for generation, transmission, distribution, end use, and market functions;
 (ii)specific electric grid elements including advanced metering, demand response, distributed generation, and electricity storage;
 (iii)forensic analysis of infected systems; and (iv)secure communications;
 (2)to leverage electric grid architecture as a means to assess risks to the energy sector, including by implementing an all-hazards approach to communications infrastructure, control systems architecture, and power systems architecture;
 (3)to perform pilot demonstration projects with the energy sector to gain experience with new technologies; and
 (4)to develop workforce development curricula for energy sector-related cybersecurity. 5.Energy sector component testing for cyberresilience programThe Secretary shall carry out a program—
 (1)to establish a cybertesting and mitigation program to identify vulnerabilities of energy sector supply chain products to known threats;
 (2)to oversee third-party cybertesting; and (3)to develop procurement guidelines for energy sector supply chain components.
 6.Energy sector operational support for cyberresilience programThe Secretary shall carry out a program— (1)to enhance and periodically test—
 (A)the emergency response capabilities of the Department; and (B)the coordination of the Department with other agencies, the National Laboratories, and private industry;
 (2)to expand cooperation of the Department with the intelligence communities for energy sector-related threat collection and analysis;
 (3)to enhance the tools of the Department and ES-ISAC for monitoring the status of the energy sector; (4)to expand industry participation in ES-ISAC; and
 (5)to provide technical assistance to small electric utilities for purposes of assessing cybermaturity posture.
			7.Modeling and assessing energy infrastructure risk
 (a)In generalThe Secretary shall develop an advanced energy security program to secure energy networks, including electric, natural gas, and oil exploration, transmission, and delivery.
 (b)Security and resiliency objectiveThe objective of the program developed under subsection (a) is to increase the functional preservation of the electric grid operations or natural gas and oil operations in the face of natural and human-made threats and hazards, including electric magnetic pulse and geomagnetic disturbances.
 (c)Eligible activitiesIn carrying out the program developed under subsection (a), the Secretary may— (1)develop capabilities to identify vulnerabilities and critical components that pose major risks to grid security if destroyed or impaired;
 (2)provide modeling at the national level to predict impacts from natural or human-made events; (3)develop a maturity model for physical security and cybersecurity;
 (4)conduct exercises and assessments to identify and mitigate vulnerabilities to the electric grid, including providing mitigation recommendations;
 (5)conduct research hardening solutions for critical components of the electric grid; (6)conduct research mitigation and recovery solutions for critical components of the electric grid; and
 (7)provide technical assistance to States and other entities for standards and risk analysis. 8.Leveraging existing programsThe programs established under this Act shall be carried out consistent with—
 (1)the report of the Department entitled Roadmap to Achieve Energy Delivery Systems Cybersecurity and dated 2011; (2)existing programs of the Department; and
 (3)any associated strategic framework that links together academic and National Laboratory researchers, electric utilities, manufacturers, and any other relevant private industry organizations.
			9.Study
 (a)In generalNot later than 180 days after the date of enactment of this Act, the Secretary, in consultation with the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation, shall conduct a study to explore alternative management structures and funding mechanisms to expand industry membership and participation in ES-ISAC.
 (b)ReportThe Secretary shall submit to the appropriate committees of Congress a report describing the results of the study conducted under subsection (a).
 10.Authorization of appropriationsThere is authorized to be appropriated to carry out this Act $100,000,000 for each of fiscal years 2017 through 2022.
