[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 360 Reported in House (RH)]

<DOC>





                                                 Union Calendar No. 204
116th CONGRESS
  1st Session
                                H. R. 360

                          [Report No. 116-256]

To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to test the cybersecurity of products and technologies intended 
       for use in the bulk-power system, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            January 9, 2019

Mr. Latta (for himself and Mr. McNerney) introduced the following bill; 
       which was referred to the Committee on Energy and Commerce

                            October 28, 2019

      Additional sponsors: Mr. Norman and Mr. Harder of California

                            October 28, 2019

Committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed

_______________________________________________________________________

                                 A BILL


 
To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to test the cybersecurity of products and technologies intended 
       for use in the bulk-power system, and for other purposes.


 


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Sense Act of 2019''.

SEC. 2. CYBER SENSE.

    (a) In General.--The Secretary of Energy shall establish a 
voluntary Cyber Sense program to test the cybersecurity of products and 
technologies intended for use in the bulk-power system, as defined in 
section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)).
    (b) Program Requirements.--In carrying out subsection (a), the 
Secretary of Energy shall--
            (1) establish a testing process under the Cyber Sense 
        program to test the cybersecurity of products and technologies 
        intended for use in the bulk-power system, including products 
        relating to industrial control systems and operational 
        technologies, such as supervisory control and data acquisition 
        systems;
            (2) for products and technologies tested under the Cyber 
        Sense program, establish and maintain cybersecurity 
        vulnerability reporting processes and a related database;
            (3) provide technical assistance to electric utilities, 
        product manufacturers, and other electricity sector 
        stakeholders to develop solutions to mitigate identified 
        cybersecurity vulnerabilities in products and technologies 
        tested under the Cyber Sense program;
            (4) biennially review products and technologies tested 
        under the Cyber Sense program for cybersecurity vulnerabilities 
        and provide analysis with respect to how such products and 
        technologies respond to and mitigate cyber threats;
            (5) develop guidance, that is informed by analysis and 
        testing results under the Cyber Sense program, for electric 
        utilities for procurement of products and technologies;
            (6) provide reasonable notice to the public, and solicit 
        comments from the public, prior to establishing or revising the 
        testing process under the Cyber Sense program;
            (7) oversee testing of products and technologies under the 
        Cyber Sense program; and
            (8) consider incentives to encourage the use of analysis 
        and results of testing under the Cyber Sense program in the 
        design of products and technologies for use in the bulk-power 
        system.
    (c) Disclosure of Information.--Any cybersecurity vulnerability 
reported pursuant to a process established under subsection (b)(2), the 
disclosure of which the Secretary of Energy reasonably foresees would 
cause harm to critical electric infrastructure (as defined in section 
215A of the Federal Power Act), shall be deemed to be critical electric 
infrastructure information for purposes of section 215A(d) of the 
Federal Power Act.
    (d) Federal Government Liability.--Nothing in this section shall be 
construed to authorize the commencement of an action against the United 
States Government with respect to the testing of a product or 
technology under the Cyber Sense program.
                                                 Union Calendar No. 204

116th CONGRESS

  1st Session

                               H. R. 360

                          [Report No. 116-256]

_______________________________________________________________________

                                 A BILL

To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to test the cybersecurity of products and technologies intended 
       for use in the bulk-power system, and for other purposes.

_______________________________________________________________________

                            October 28, 2019

Committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed