
	

115 S3677 IS: Enhancing Grid Security through Public-Private Partnerships Act
U.S. Senate
2018-11-29
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



		II
		115th CONGRESS2d Session
		S. 3677
		IN THE SENATE OF THE UNITED STATES
		
			November 29, 2018
			Mr. Gardner (for himself and Mr. Bennet) introduced the following bill; which was read twice and referred to the Committee on Energy and Natural Resources
		
		A BILL
		To provide for certain programs and developments in the Department of Energy concerning the
			 cybersecurity and vulnerabilities of, and physical threats to, the
			 electric grid, and for other purposes.
	
	
		1.Short title
 This Act may be cited as the Enhancing Grid Security through Public-Private Partnerships Act.
 2.DefinitionsIn this Act: (1)Electric Reliability OrganizationThe term Electric Reliability Organization has the meaning given the term in section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)).
 (2)Electric utility; State regulatory authorityThe terms electric utility and State regulatory authority have the meanings given those terms in section 3 of the Federal Power Act (16 U.S.C. 796). (3)SecretaryThe term Secretary means the Secretary of Energy.
			3.Program to promote and advance physical security and cybersecurity of electric utilities
 (a)EstablishmentThe Secretary, in consultation with State regulatory authorities, industry stakeholders, the Electric Reliability Organization, and any other Federal agencies that the Secretary determines to be appropriate, shall carry out a program—
 (1)to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;
 (2)to assist with threat assessment and cybersecurity training for electric utilities; (3)to provide technical assistance for electric utilities subject to the program;
 (4)to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;
 (5)to advance the cybersecurity of third-party vendors in partnerships with electric utilities; and (6)to increase opportunities for sharing best practices and data collection within the electric sector.
 (b)ScopeIn carrying out the program under subsection (a), the Secretary shall— (1)take into consideration—
 (A)the different sizes of electric utilities; and (B)the regions that electric utilities serve;
 (2)prioritize— (A)electric utilities with respect to which the Secretary has substantial concerns; and
 (B)electric utilities with fewer available resources due to size or region; and (3)to the maximum extent practicable, use and leverage—
 (A)existing Department of Energy programs; and (B)existing programs of the Federal agencies determined to be appropriate under subsection (a).
 (c)Protection of informationInformation provided to, or collected by, the Federal Government pursuant to this section— (1)shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and
 (2)shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.
				4.Report on cybersecurity and distribution systems
 (a)In generalNot later than 1 year after the date of enactment of this Act, the Secretary, in consultation with State regulatory authorities, industry stakeholders, and any other Federal agencies that the Secretary determines to be appropriate, shall submit to Congress a report that assesses—
 (1)priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems, including behind-the-meter generation, storage, and load management devices to address threats to, and vulnerabilities of, electricity distribution systems; and
 (2)the implementation of the priorities, policies, procedures, and actions assessed under paragraph (1), including—
 (A)an estimate of potential costs and benefits of the implementation; and (B)an assessment of any public-private cost-sharing opportunities.
 (b)Protection of informationInformation provided to, or collected by, the Federal Government under this section— (1)shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and
 (2)shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.
				
