[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5239 Reported in House (RH)]

<DOC>





                                                 Union Calendar No. 614
115th CONGRESS
  2d Session
                                H. R. 5239

                          [Report No. 115-794]

To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to identify and promote cyber-secure products intended for use 
           in the bulk-power system, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             March 9, 2018

Mr. Latta (for himself and Mr. McNerney) introduced the following bill; 
       which was referred to the Committee on Energy and Commerce

                             June 28, 2018

Reported with amendments, committed to the Committee of the Whole House 
          on the State of the Union, and ordered to be printed
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]
 [For text of introduced bill, see copy of bill as introduced on March 
                                9, 2018]


_______________________________________________________________________

                                 A BILL


 
To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to identify and promote cyber-secure products intended for use 
           in the bulk-power system, and for other purposes.


 


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Sense Act of 2018''.

SEC. 2. CYBER SENSE.

    (a) In General.--The Secretary of Energy shall establish a 
voluntary Cyber Sense program to test the cybersecurity of products and 
technologies intended for use in the bulk-power system, as defined in 
section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)).
    (b) Program Requirements.--In carrying out subsection (a), the 
Secretary of Energy shall--
            (1) establish a testing process under the Cyber Sense 
        program to test the cybersecurity of products and technologies 
        intended for use in the bulk-power system, including products 
        relating to industrial control systems and operational 
        technologies, such as supervisory control and data acquisition 
        systems;
            (2) for products and technologies tested under the Cyber 
        Sense program, establish and maintain cybersecurity 
        vulnerability reporting processes and a related database;
            (3) provide technical assistance to electric utilities, 
        product manufacturers, and other electricity sector 
        stakeholders to develop solutions to mitigate identified 
        cybersecurity vulnerabilities in products and technologies 
        tested under the Cyber Sense program;
            (4) biennially review products and technologies tested 
        under the Cyber Sense program for cybersecurity vulnerabilities 
        and provide analysis with respect to how such products and 
        technologies respond to and mitigate cyber threats;
            (5) develop guidance, that is informed by analysis and 
        testing results under the Cyber Sense program, for electric 
        utilities for procurement of products and technologies;
            (6) provide reasonable notice to the public, and solicit 
        comments from the public, prior to establishing or revising the 
        testing process under the Cyber Sense program;
            (7) oversee testing of products and technologies under the 
        Cyber Sense program; and
            (8) consider incentives to encourage the use of analysis 
        and results of testing under the Cyber Sense program in the 
        design of products and technologies for use in the bulk-power 
        system.
    (c) Disclosure of Information.--Any cybersecurity vulnerability 
reported pursuant to a process established under subsection (b)(2), the 
disclosure of which the Secretary of Energy reasonably foresees would 
cause harm to critical electric infrastructure (as defined in section 
215A of the Federal Power Act), shall be deemed to be critical electric 
infrastructure information for purposes of section 215A(d) of the 
Federal Power Act.
    (d) Federal Government Liability.--Nothing in this section shall be 
construed to authorize the commencement of an action against the United 
States Government with respect to the testing of a product or 
technology under the Cyber Sense program.
            Amend the title so as to read: ``A bill to require the 
        Secretary of Energy to establish a voluntary Cyber Sense 
        program to test the cybersecurity of products and technologies 
        intended for use in the bulk-power system, and for other 
        purposes.''.
                                                 Union Calendar No. 614

115th CONGRESS

  2d Session

                               H. R. 5239

                          [Report No. 115-794]

_______________________________________________________________________

                                 A BILL

To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to identify and promote cyber-secure products intended for use 
           in the bulk-power system, and for other purposes.

_______________________________________________________________________

                             June 28, 2018

Reported with amendments, committed to the Committee of the Whole House 
          on the State of the Union, and ordered to be printed