Short title

This Act may be cited as the

Protecting Resources On The Electric grid with Cybersecurity Technology Act of 2021

or the

PROTECT Act of 2021

Incentives for advanced cybersecurity technology investment

Part II of the Federal Power Act is amended by inserting after section 219 (16 U.S.C. 824s) the following:

219A.

Incentives for cybersecurity investments

(a)

Definitions

In this section:(1)

Advanced cybersecurity technology

The term advanced cybersecurity technology means any technology, operational capability, or service, including computer hardware, software, or a related asset, that enhances the security posture of public utilities through improvements in the ability to protect against, detect, respond to, or recover from a cybersecurity threat (as defined in section 102 of the Cybersecurity Act of 2015 (6 U.S.C. 1501)).(2)

Advanced cybersecurity technology information

The term advanced cybersecurity technology information means information relating to advanced cybersecurity technology or proposed advanced cybersecurity technology that is generated by or provided to the Commission or another Federal agency.(b)

Study

Not later than 180 days after the date of enactment of this section, the Commission, in consultation with the Secretary of Energy, the North American Electric Reliability Corporation, the Electricity Subsector Coordinating Council, and the National Association of Regulatory Utility Commissioners, shall conduct a study to identify incentive-based, including performance-based, rate treatments for the transmission and sale of electric energy subject to the jurisdiction of the Commission that could be used to encourage—(1)investment by public utilities in advanced cybersecurity technology; and(2)participation by public utilities in cybersecurity threat information sharing programs.(c)

Incentive-Based rate treatment

Not later than 1 year after the completion of the study under subsection (b), the Commission shall establish, by rule, incentive-based, including performance-based, rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by public utilities for the purpose of benefitting consumers by encouraging—(1)investments by public utilities in advanced cybersecurity technology; and(2)participation by public utilities in cybersecurity threat information sharing programs.(d)

Factors for consideration

In issuing a rule pursuant to this section, the Commission may provide additional incentives beyond those identified in subsection (c) in any case in which the Commission determines that an investment in advanced cybersecurity technology or information sharing program costs will reduce cybersecurity risks to—(1)defense critical electric infrastructure (as defined in section 215A(a)) and other facilities subject to the jurisdiction of the Commission that are critical to public safety, national defense, or homeland security, as determined by the Commission in consultation with—(A)the Secretary of Energy; and(B)appropriate Federal agencies; and(2)facilities of small or medium-sized public utilities with limited cybersecurity resources, as determined by the Commission.(e)

Ratepayer protection

(1)

In general

Any rate approved under a rule issued pursuant to this section, including any revisions to that rule, shall be subject to the requirements of sections 205 and 206 that all rates, charges, terms, and conditions—(A)shall be just and reasonable; and(B)shall not be unduly discriminatory or preferential.(2)

Prohibition of duplicate recovery

Any rule issued pursuant to this section shall preclude rate treatments that allow unjust and unreasonable double recovery for advanced cybersecurity technology.(f)

Single-Issue rate filings

The Commission shall permit public utilities to apply for incentive-based rate treatment under a rule issued under this section on a single-issue basis by submitting to the Commission a tariff schedule under section 205 that permits recovery of costs and incentives over the depreciable life of the applicable assets, without regard to changes in receipts or other costs of the public utility.(g)

Protection of information

Advanced cybersecurity technology information that is provided to, generated by, or collected by the Federal Government under subsection (b), (c), or (f) shall be considered to be critical electric infrastructure information under section 215A.

Rural and municipal utility advanced cybersecurity grant and technical assistance program

(a)

Definitions

In this section:(1)

Advanced cybersecurity technology

The term advanced cybersecurity technology means any technology, operational capability, or service, including computer hardware, software, or a related asset, that enhances the security posture of electric utilities through improvements in the ability to protect against, detect, respond to, or recover from a cybersecurity threat (as defined in section 102 of the Cybersecurity Act of 2015 (6 U.S.C. 1501)).(2)

Eligible entity

The term eligible entity means—(A)a rural electric cooperative;(B)a utility owned by a political subdivision of a State, such as a municipally owned electric utility;(C)a utility owned by any agency, authority, corporation, or instrumentality of 1 or more political subdivisions of a State;(D)a not-for-profit entity that is in a partnership with not fewer than 6 entities described in subparagraph (A), (B), or (C); and(E)an investor-owned electric utility that sells less than 4,000,000 megawatt hours of electricity per year.(3)

Program

The term Program means the Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program established under subsection (b).(4)

Secretary

The term Secretary means the Secretary of Energy.(b)

Establishment

Not later than 180 days after the date of enactment of this Act, the Secretary, in consultation with the Federal Energy Regulatory Commission, the North American Electric Reliability Corporation, and the Electricity Subsector Coordinating Council, shall establish a program, to be known as the Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program, to provide grants and technical assistance to, and enter into cooperative agreements with, eligible entities to protect against, detect, respond to, and recover from cybersecurity threats.(c)

Objectives

The objectives of the Program shall be—(1)to deploy advanced cybersecurity technologies for electric utility systems; and(2)to increase the participation of eligible entities in cybersecurity threat information sharing programs.(d)

Awards

(1)

In general

The Secretary—(A)shall award grants and provide technical assistance under the Program to eligible entities on a competitive basis;(B)shall develop criteria and a formula for awarding grants and providing technical assistance under the Program;(C)may enter into cooperative agreements with eligible entities that can facilitate the objectives described in subsection (c); and(D)shall establish a process to ensure that all eligible entities are informed about and can become aware of opportunities to receive grants or technical assistance under the Program.(2)

Priority for grants and technical assistance

In awarding grants and providing technical assistance under the Program, the Secretary shall give priority to an eligible entity that, as determined by the Secretary—(A)has limited cybersecurity resources;(B)owns assets critical to the reliability of the bulk power system; or(C)owns defense critical electric infrastructure (as defined in section 215A(a) of the Federal Power Act (16 U.S.C. 824o–1(a))).(e)

Protection of information

Information provided to, or collected by, the Federal Government under this section—(1)shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and(2)shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority under any applicable law requiring public disclosure of information or records.(f)

Funding

There is authorized to be appropriated to carry out this section $50,000,000 for each of fiscal years 2022 through 2026, to remain available until expended.