[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 2333 Reported in Senate (RS)]

<DOC>





                                                       Calendar No. 264
116th CONGRESS
  1st Session
                                S. 2333

                          [Report No. 116-144]

             To provide for enhanced energy grid security.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             July 30, 2019

 Ms. Cantwell (for herself and Mr. Heinrich) introduced the following 
bill; which was read twice and referred to the Committee on Energy and 
                           Natural Resources

                            October 23, 2019

              Reported by Ms. Murkowski, without amendment

_______________________________________________________________________

                                 A BILL


 
             To provide for enhanced energy grid security.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Energy Cybersecurity Act of 2019''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Department.--The term ``Department'' means the 
        Department of Energy.
            (2) Electric utility.--The term ``electric utility'' has 
        the meaning given the term in section 3 of the Federal Power 
        Act (16 U.S.C. 796).
            (3) ES-ISAC.--The term ``ES-ISAC'' means the Electricity 
        Sector Information Sharing and Analysis Center.
            (4) National laboratory.--The term ``National Laboratory'' 
        has the meaning given the term in section 2 of the Energy 
        Policy Act of 2005 (42 U.S.C. 15801).
            (5) Secretary.--The term ``Secretary'' means the Secretary 
        of Energy.

SEC. 3. ENHANCED GRID SECURITY.

    (a) Cybersecurity for the Energy Sector Research, Development, and 
Demonstration Program.--
            (1) In general.--The Secretary, in consultation with 
        appropriate Federal agencies, the energy sector, the States, 
        and other stakeholders, shall carry out a program--
                    (A) to develop advanced cybersecurity applications 
                and technologies for the energy sector--
                            (i) to identify and mitigate 
                        vulnerabilities, including--
                                    (I) dependencies on other critical 
                                infrastructure; and
                                    (II) impacts from weather and fuel 
                                supply; and
                            (ii) to advance the security of field 
                        devices and third-party control systems, 
                        including--
                                    (I) systems for generation, 
                                transmission, distribution, end use, 
                                and market functions;
                                    (II) specific electric grid 
                                elements including advanced metering, 
                                demand response, distributed 
                                generation, and electricity storage;
                                    (III) forensic analysis of infected 
                                systems; and
                                    (IV) secure communications;
                    (B) to leverage electric grid architecture as a 
                means to assess risks to the energy sector, including 
                by implementing an all-hazards approach to 
                communications infrastructure, control systems 
                architecture, and power systems architecture;
                    (C) to perform pilot demonstration projects with 
                the energy sector to gain experience with new 
                technologies; and
                    (D) to develop workforce development curricula for 
                energy sector-related cybersecurity.
            (2) Authorization of appropriations.--There is authorized 
        to be appropriated to carry out this subsection $65,000,000 for 
        each of fiscal years 2020 through 2028.
    (b) Energy Sector Component Testing for Cyberresilience Program.--
            (1) In general.--The Secretary shall carry out a program--
                    (A) to establish a cybertesting and mitigation 
                program to identify vulnerabilities of energy sector 
                supply chain products to known threats;
                    (B) to oversee third-party cybertesting; and
                    (C) to develop procurement guidelines for energy 
                sector supply chain components.
            (2) Authorization of appropriations.--There is authorized 
        to be appropriated to carry out this subsection $15,000,000 for 
        each of fiscal years 2020 through 2028.
    (c) Energy Sector Operational Support for Cyberresilience 
Program.--
            (1) In general.--The Secretary may carry out a program--
                    (A) to enhance and periodically test--
                            (i) the emergency response capabilities of 
                        the Department; and
                            (ii) the coordination of the Department 
                        with other agencies, the National Laboratories, 
                        and private industry;
                    (B) to expand cooperation of the Department with 
                the intelligence communities for energy sector-related 
                threat collection and analysis;
                    (C) to enhance the tools of the Department and ES-
                ISAC for monitoring the status of the energy sector;
                    (D) to expand industry participation in ES-ISAC; 
                and
                    (E) to provide technical assistance to small 
                electric utilities for purposes of assessing 
                cybermaturity level.
            (2) Authorization of appropriations.--There is authorized 
        to be appropriated to carry out this subsection $10,000,000 for 
        each of fiscal years 2020 through 2028.
    (d) Modeling and Assessing Energy Infrastructure Risk.--
            (1) In general.--The Secretary shall develop an advanced 
        energy security program to secure energy networks, including 
        electric, natural gas, and oil exploration, transmission, and 
        delivery.
            (2) Security and resiliency objective.--The objective of 
        the program developed under paragraph (1) is to increase the 
        functional preservation of the electric grid operations or 
        natural gas and oil operations in the face of natural and 
        human-made threats and hazards, including electric magnetic 
        pulse and geomagnetic disturbances.
            (3) Eligible activities.--In carrying out the program 
        developed under paragraph (1), the Secretary may--
                    (A) develop capabilities to identify 
                vulnerabilities and critical components that pose major 
                risks to grid security if destroyed or impaired;
                    (B) provide modeling at the national level to 
                predict impacts from natural or human-made events;
                    (C) develop a maturity model for physical security 
                and cybersecurity;
                    (D) conduct exercises and assessments to identify 
                and mitigate vulnerabilities to the electric grid, 
                including providing mitigation recommendations;
                    (E) conduct research hardening solutions for 
                critical components of the electric grid;
                    (F) conduct research mitigation and recovery 
                solutions for critical components of the electric grid; 
                and
                    (G) provide technical assistance to States and 
                other entities for standards and risk analysis.
            (4) Authorization of appropriations.--There is authorized 
        to be appropriated to carry out this subsection $10,000,000 for 
        each of fiscal years 2020 through 2028.
    (e) Leveraging Existing Programs.--The programs established under 
this section shall be carried out consistent with--
            (1) the report of the Department entitled ``Roadmap to 
        Achieve Energy Delivery Systems Cybersecurity'' and dated 2011;
            (2) existing programs of the Department; and
            (3) any associated strategic framework that links together 
        academic and National Laboratory researchers, electric 
        utilities, manufacturers, and any other relevant private 
        industry organizations, including the Electricity Sub-sector 
        Coordinating Council.
    (f) Study.--
            (1) In general.--Not later than 180 days after the date of 
        enactment of this Act, the Secretary, in consultation with the 
        Federal Energy Regulatory Commission and the North American 
        Electric Reliability Corporation, shall conduct a study to 
        explore alternative management structures and funding 
        mechanisms to expand industry membership and participation in 
        ES-ISAC.
            (2) Report.--The Secretary shall submit to the appropriate 
        committees of Congress a report describing the results of the 
        study conducted under paragraph (1).
                                                       Calendar No. 264

116th CONGRESS

  1st Session

                                S. 2333

                          [Report No. 116-144]

_______________________________________________________________________

                                 A BILL

             To provide for enhanced energy grid security.

_______________________________________________________________________

                            October 23, 2019

                       Reported without amendment