[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 359 Reported in House (RH)]

<DOC>





                                                 Union Calendar No. 202
116th CONGRESS
  1st Session
                                H. R. 359

                          [Report No. 116-254]

 To provide for certain programs and developments in the Department of 
    Energy concerning the cybersecurity and vulnerabilities of, and 
    physical threats to, the electric grid, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            January 9, 2019

Mr. McNerney (for himself and Mr. Latta) introduced the following bill; 
       which was referred to the Committee on Energy and Commerce

                            October 28, 2019

         Additional sponsors: Mr. Van Drew and Mr. Fitzpatrick

                            October 28, 2019

Committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed


_______________________________________________________________________

                                 A BILL


 
 To provide for certain programs and developments in the Department of 
    Energy concerning the cybersecurity and vulnerabilities of, and 
    physical threats to, the electric grid, and for other purposes.


 


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Enhancing Grid Security through 
Public-Private Partnerships Act''.

SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND 
              CYBERSECURITY OF ELECTRIC UTILITIES.

    (a) Establishment.--The Secretary of Energy, in consultation with 
State regulatory authorities, industry stakeholders, the Electric 
Reliability Organization, and other Federal agencies the Secretary 
determines appropriate, shall carry out a program to--
            (1) develop, and provide for voluntary implementation of, 
        maturity models, self-assessments, and auditing methods for 
        assessing the physical security and cybersecurity of electric 
        utilities;
            (2) provide training to electric utilities to address and 
        mitigate cybersecurity supply chain management risks;
            (3) increase opportunities for sharing best practices and 
        data collection within the electric sector;
            (4) assist with cybersecurity training for electric 
        utilities;
            (5) advance the cybersecurity of third-party vendors that 
        work in partnerships with electric utilities; and
            (6) provide technical assistance for electric utilities 
        subject to the program.
    (b) Scope.--In carrying out the program under subsection (a), the 
Secretary of Energy shall--
            (1) take into consideration different sizes of electric 
        utilities and the regions that such electric utilities serve;
            (2) prioritize electric utilities with fewer available 
        resources due to size or region; and
            (3) to the extent practicable, utilize and leverage 
        existing Department of Energy programs.
    (c) Protection of Information.--Information provided to, or 
collected by, the Federal Government pursuant to this section--
            (1) shall be exempt from disclosure under section 552(b)(3) 
        of title 5, United States Code; and
            (2) shall not be made available by any Federal, State, 
        political subdivision or tribal authority pursuant to any 
        Federal, State, political subdivision, or tribal law requiring 
        public disclosure of information or records.

SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS.

    (a) In General.--The Secretary of Energy, in consultation with 
State regulatory authorities, industry stakeholders, and other Federal 
agencies the Secretary determines appropriate, shall submit to Congress 
a report that assesses--
            (1) priorities, policies, procedures, and actions for 
        enhancing the physical security and cybersecurity of 
        electricity distribution systems to address threats to, and 
        vulnerabilities of, such electricity distribution systems; and
            (2) implementation of such priorities, policies, 
        procedures, and actions, including an estimate of potential 
        costs and benefits of such implementation, including any 
        public-private cost-sharing opportunities.
    (b) Protection of Information.--Information provided to, or 
collected by, the Federal Government pursuant to this section--
            (1) shall be exempt from disclosure under section 552(b)(3) 
        of title 5, United States Code; and
            (2) shall not be made available by any Federal, State, 
        political subdivision or tribal authority pursuant to any 
        Federal, State, political subdivision, or tribal law requiring 
        public disclosure of information or records.

SEC. 4. ELECTRICITY INTERRUPTION INFORMATION.

    (a) Interruption Cost Estimate Calculator.--The Secretary of 
Energy, in consultation with the Federal Energy Regulatory Commission, 
State regulatory authorities, industry stakeholders, and other Federal 
agencies the Secretary determines appropriate, shall update the 
Interruption Cost Estimate Calculator, as often as appropriate and 
feasible, but not less than once every 2 years.
    (b) Indices.--The Secretary of Energy, in consultation with the 
Federal Energy Regulatory Commission, State regulatory authorities, 
industry stakeholders, and other Federal agencies the Secretary 
determines appropriate, shall, as often as appropriate and feasible, 
update the following:
            (1) The System Average Interruption Duration Index.
            (2) The System Average Interruption Frequency Index.
            (3) The Customer Average Interruption Duration Index.
    (c) Survey.--The Administrator of the Energy Information 
Administration shall collect information on electricity interruption 
costs, if available, from a representative sample of owners of electric 
grid assets through a biennial survey.

SEC. 5. DEFINITIONS.

    In the Act, the following definitions apply:
            (1) Electric reliability organization.--The term ``Electric 
        Reliability Organization'' has the meaning given such term in 
        section 215(a)(2) of the Federal Power Act (16 U.S.C. 
        824o(a)(2)).
            (2) Electric utility.--The term ``electric utility'' has 
        the meaning given such term in section 3 of the Federal Power 
        Act (16 U.S.C. 796).
            (3) State regulatory authority.--The term ``State 
        regulatory authority'' has the meaning given such term in 
        section 3 of the Federal Power Act (16 U.S.C. 796).
                                                 Union Calendar No. 202

116th CONGRESS

  1st Session

                               H. R. 359

                          [Report No. 116-254]

_______________________________________________________________________

                                 A BILL

 To provide for certain programs and developments in the Department of 
    Energy concerning the cybersecurity and vulnerabilities of, and 
    physical threats to, the electric grid, and for other purposes.

_______________________________________________________________________

                            October 28, 2019

Committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed