[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2928 Engrossed in House (EH)]

<DOC>
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
117th CONGRESS
  1st Session
                                H. R. 2928

_______________________________________________________________________

                                 AN ACT


 
To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to test the cybersecurity of products and technologies intended 
       for use in the bulk-power system, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Sense Act of 2021''.

SEC. 2. CYBER SENSE.

    (a) In General.--The Secretary of Energy, in coordination with 
relevant Federal agencies, shall establish a voluntary Cyber Sense 
program to test the cybersecurity of products and technologies intended 
for use in the bulk-power system, as defined in section 215(a) of the 
Federal Power Act (16 U.S.C. 824o(a)).
    (b) Program Requirements.--In carrying out subsection (a), the 
Secretary of Energy shall--
            (1) establish a testing process under the Cyber Sense 
        program to test the cybersecurity of products and technologies 
        intended for use in the bulk-power system, including products 
        relating to industrial control systems and operational 
        technologies, such as supervisory control and data acquisition 
        systems;
            (2) for products and technologies tested under the Cyber 
        Sense program, establish and maintain cybersecurity 
        vulnerability reporting processes and a related database;
            (3) provide technical assistance to electric utilities, 
        product manufacturers, and other electricity sector 
        stakeholders to develop solutions to mitigate identified 
        cybersecurity vulnerabilities in products and technologies 
        tested under the Cyber Sense program;
            (4) biennially review products and technologies tested 
        under the Cyber Sense program for cybersecurity vulnerabilities 
        and provide analysis with respect to how such products and 
        technologies respond to and mitigate cyber threats;
            (5) develop guidance, that is informed by analysis and 
        testing results under the Cyber Sense program, for electric 
        utilities for procurement of products and technologies;
            (6) provide reasonable notice to the public, and solicit 
        comments from the public, prior to establishing or revising the 
        testing process under the Cyber Sense program;
            (7) oversee testing of products and technologies under the 
        Cyber Sense program; and
            (8) consider incentives to encourage the use of analysis 
        and results of testing under the Cyber Sense program in the 
        design of products and technologies for use in the bulk-power 
        system.
    (c) Disclosure of Information.--Any cybersecurity vulnerability 
reported pursuant to a process established under subsection (b)(2), the 
disclosure of which the Secretary of Energy reasonably foresees would 
cause harm to critical electric infrastructure (as defined in section 
215A of the Federal Power Act), shall be deemed to be critical electric 
infrastructure information for purposes of section 215A(d) of the 
Federal Power Act.
    (d) Federal Government Liability.--Nothing in this section shall be 
construed to authorize the commencement of an action against the United 
States Government with respect to the testing of a product or 
technology under the Cyber Sense program.

            Passed the House of Representatives July 20, 2021.

            Attest:

                                                                 Clerk.
117th CONGRESS

  1st Session

                               H. R. 2928

_______________________________________________________________________

                                 AN ACT

To require the Secretary of Energy to establish a voluntary Cyber Sense 
program to test the cybersecurity of products and technologies intended 
       for use in the bulk-power system, and for other purposes.