[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 2095 Introduced in Senate (IS)]

<DOC>






116th CONGRESS
  1st Session
                                S. 2095

 To provide for certain programs and developments in the Department of 
    Energy concerning the cybersecurity and vulnerabilities of, and 
    physical threats to, the electric grid, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             July 11, 2019

Mr. Gardner (for himself and Mr. Bennet) introduced the following bill; 
   which was read twice and referred to the Committee on Energy and 
                           Natural Resources

_______________________________________________________________________

                                 A BILL


 
 To provide for certain programs and developments in the Department of 
    Energy concerning the cybersecurity and vulnerabilities of, and 
    physical threats to, the electric grid, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Enhancing Grid Security through 
Public-Private Partnerships Act''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Electric reliability organization.--The term ``Electric 
        Reliability Organization'' has the meaning given the term in 
        section 215(a) of the Federal Power Act (16 U.S.C. 824o(a)).
            (2) Electric utility; state regulatory authority.--The 
        terms ``electric utility'' and ``State regulatory authority'' 
        have the meanings given those terms in section 3 of the Federal 
        Power Act (16 U.S.C. 796).
            (3) Secretary.--The term ``Secretary'' means the Secretary 
        of Energy.

SEC. 3. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND 
              CYBERSECURITY OF ELECTRIC UTILITIES.

    (a) Establishment.--The Secretary, in consultation with State 
regulatory authorities, industry stakeholders, the Electric Reliability 
Organization, and any other Federal agencies that the Secretary 
determines to be appropriate, shall carry out a program--
            (1) to develop, and provide for voluntary implementation 
        of, maturity models, self-assessments, and auditing methods for 
        assessing the physical security and cybersecurity of electric 
        utilities;
            (2) to assist with threat assessment and cybersecurity 
        training for electric utilities;
            (3) to provide technical assistance for electric utilities 
        subject to the program;
            (4) to provide training to electric utilities to address 
        and mitigate cybersecurity supply chain management risks;
            (5) to advance the cybersecurity of third-party vendors in 
        partnerships with electric utilities; and
            (6) to increase opportunities for sharing best practices 
        and data collection within the electric sector.
    (b) Scope.--In carrying out the program under subsection (a), the 
Secretary shall--
            (1) take into consideration--
                    (A) the different sizes of electric utilities; and
                    (B) the regions that electric utilities serve;
            (2) prioritize electric utilities with fewer available 
        resources due to size or region; and
            (3) to the maximum extent practicable, use and leverage--
                    (A) existing Department of Energy programs; and
                    (B) existing programs of the Federal agencies 
                determined to be appropriate under subsection (a).
    (c) Protection of Information.--Information provided to, or 
collected by, the Federal Government pursuant to this section--
            (1) shall be exempt from disclosure under section 552(b)(3) 
        of title 5, United States Code; and
            (2) shall not be made available by any Federal agency, 
        State, political subdivision of a State, or Tribal authority 
        pursuant to any Federal, State, political subdivision of a 
        State, or Tribal law, respectively, requiring public disclosure 
        of information or records.

SEC. 4. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Secretary, in consultation with State regulatory 
authorities, industry stakeholders, and any other Federal agencies that 
the Secretary determines to be appropriate, shall submit to Congress a 
report that assesses--
            (1) priorities, policies, procedures, and actions for 
        enhancing the physical security and cybersecurity of 
        electricity distribution systems, including behind-the-meter 
        generation, storage, and load management devices, to address 
        threats to, and vulnerabilities of, electricity distribution 
        systems; and
            (2) the implementation of the priorities, policies, 
        procedures, and actions assessed under paragraph (1), 
        including--
                    (A) an estimate of potential costs and benefits of 
                the implementation; and
                    (B) an assessment of any public-private cost-
                sharing opportunities.
    (b) Protection of Information.--Information provided to, or 
collected by, the Federal Government under this section--
            (1) shall be exempt from disclosure under section 552(b)(3) 
        of title 5, United States Code; and
            (2) shall not be made available by any Federal agency, 
        State, political subdivision of a State, or Tribal authority 
        pursuant to any Federal, State, political subdivision of a 
        State, or Tribal law, respectively, requiring public disclosure 
        of information or records.
                                 <all>