[Congressional Record Volume 156, Number 86 (Wednesday, June 9, 2010)]
[House]
[Pages H4256-H4262]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




            GRID RELIABILITY AND INFRASTRUCTURE DEFENSE ACT

  Mr. MARKEY of Massachusetts. Mr. Speaker, I move to suspend the rules 
and pass the bill (H.R. 5026) to amend the Federal Power Act to protect 
the bulk-power system and electric infrastructure critical to the 
defense of the United States from cybersecurity and other threats and 
vulnerabilities, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 5026

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Grid Reliability and 
     Infrastructure Defense Act'' or the ``GRID Act''.

     SEC. 2. AMENDMENT TO THE FEDERAL POWER ACT.

       (a) Critical Electric Infrastructure Security.--Part II of 
     the Federal Power Act (16 U.S.C. 824 et seq.) is amended by 
     adding after section 215 the following new section:

     ``SEC. 215A. CRITICAL ELECTRIC INFRASTRUCTURE SECURITY.

       ``(a)  Definitions.--For purposes of this section:
       ``(1) Bulk-power system; electric reliability organization; 
     regional entity.--The terms `bulk-power system', `Electric 
     Reliability Organization', and `regional entity' have the 
     meanings given such terms in paragraphs (1), (2), and (7) of 
     section 215(a), respectively.
       ``(2) Defense critical electric infrastructure.--The term 
     `defense critical electric infrastructure' means any 
     infrastructure located in the United States (including the 
     territories) used for the generation, transmission, or 
     distribution of electric energy that--
       ``(A) is not part of the bulk-power system; and
       ``(B) serves a facility designated by the President 
     pursuant to subsection (d)(1), but is not owned or operated 
     by the owner or operator of such facility.
       ``(3) Defense critical electric infrastructure 
     vulnerability.--The term `defense critical electric 
     infrastructure vulnerability' means a weakness in defense 
     critical electric infrastructure that, in the event of a 
     malicious act using electronic communication or an 
     electromagnetic pulse, would pose a substantial risk of 
     disruption of those electronic devices or communications 
     networks, including hardware, software, and data, that are 
     essential to the reliability of defense critical electric 
     infrastructure.
       ``(4) Electromagnetic pulse.--The term `electromagnetic 
     pulse' means 1 or more pulses of electromagnetic energy 
     emitted by a device capable of disabling, disrupting, or 
     destroying electronic equipment by means of such a pulse.
       ``(5) Geomagnetic storm.--The term `geomagnetic storm' 
     means a temporary disturbance of the Earth's magnetic field 
     resulting from solar activity.
       ``(6) Grid security threat.--The term `grid security 
     threat' means a substantial likelihood of--
       ``(A)(i) a malicious act using electronic communication or 
     an electromagnetic pulse, or a geomagnetic storm event, that 
     could disrupt the operation of those electronic devices or 
     communications networks, including hardware, software, and 
     data, that are essential to the reliability of the bulk-power 
     system or of defense critical electric infrastructure; and
       ``(ii) disruption of the operation of such devices or 
     networks, with significant adverse effects on the reliability 
     of the bulk-power system or of defense critical electric 
     infrastructure, as a result of such act or event; or
       ``(B)(i) a direct physical attack on the bulk-power system 
     or on defense critical electric infrastructure; and
       ``(ii) significant adverse effects on the reliability of 
     the bulk-power system or of defense critical electric 
     infrastructure as a result of such physical attack.
       ``(7) Grid security vulnerability.--The term `grid security 
     vulnerability' means a weakness that, in the event of a 
     malicious act using electronic communication or an 
     electromagnetic pulse, would pose a substantial risk of 
     disruption to the operation of those electronic devices or 
     communications networks, including hardware, software, and 
     data, that are essential to the reliability of the bulk-power 
     system.
       ``(8) Large transformer.--The term `large transformer' 
     means an electric transformer that is part of the bulk-power 
     system.
       ``(9) Protected information.--The term `protected 
     information' means information, other than classified 
     national security information, designated as protected 
     information by the Commission under subsection (e)(2)--
       ``(A) that was developed or submitted in connection with 
     the implementation of this section;
       ``(B) that specifically discusses grid security threats, 
     grid security vulnerabilities, defense critical electric 
     infrastructure vulnerabilities, or plans, procedures, or 
     measures to address such threats or vulnerabilities; and
       ``(C) the unauthorized disclosure of which could be used in 
     a malicious manner to impair the reliability of the bulk-
     power system or of defense critical electric infrastructure.
       ``(10) Secretary.--The term `Secretary' means the Secretary 
     of Energy.
       ``(11) Security.--The definition of `security' in section 
     3(16) shall not apply to the provisions in this section.
       ``(b) Emergency Response Measures.--
       ``(1) Authority to address grid security threats.--Whenever 
     the President issues and provides to the Commission (either 
     directly or through the Secretary) a written directive or 
     determination identifying an imminent grid security threat, 
     the Commission may, with or without notice, hearing, or 
     report, issue such orders for emergency measures as are 
     necessary in its judgment to protect the reliability of the 
     bulk-power system or of defense critical electric 
     infrastructure against such threat. As soon as practicable 
     but not later than 180 days after the date of enactment of 
     this section, the Commission shall, after notice and 
     opportunity for comment, establish rules of procedure that 
     ensure that such authority can be exercised expeditiously.
       ``(2) Notification of congress.--Whenever the President 
     issues and provides to the Commission (either directly or 
     through the Secretary) a written directive or determination 
     under paragraph (1), the President (or the Secretary, as the 
     case may be) shall promptly notify congressional committees 
     of relevant jurisdiction, including the Committee on Energy 
     and Commerce of the House of Representatives and the 
     Committee on Energy and Natural Resources of the Senate, of 
     the contents of, and justification for, such directive or 
     determination.

[[Page H4257]]

       ``(3) Consultation.--Before issuing an order for emergency 
     measures under paragraph (1), the Commission shall, to the 
     extent practicable in light of the nature of the grid 
     security threat and the urgency of the need for such 
     emergency measures, consult with appropriate governmental 
     authorities in Canada and Mexico, entities described in 
     paragraph (4), the Secretary, and other appropriate Federal 
     agencies regarding implementation of such emergency measures.
       ``(4) Application.--An order for emergency measures under 
     this subsection may apply to--
       ``(A) the Electric Reliability Organization;
       ``(B) a regional entity; or
       ``(C) any owner, user, or operator of the bulk-power system 
     or of defense critical electric infrastructure within the 
     United States.
       ``(5) Discontinuance.--The Commission shall issue an order 
     discontinuing any emergency measures ordered under this 
     subsection, effective not later than 30 days after the 
     earliest of the following:
       ``(A) The date upon which the President issues and provides 
     to the Commission (either directly or through the Secretary) 
     a written directive or determination that the grid security 
     threat identified under paragraph (1) no longer exists.
       ``(B) The date upon which the Commission issues a written 
     determination that the emergency measures are no longer 
     needed to address the grid security threat identified under 
     paragraph (1), including by means of Commission approval of a 
     reliability standard under section 215 that the Commission 
     determines adequately addresses such threat.
       ``(C) The date that is 1 year after the issuance of an 
     order under paragraph (1).
       ``(6) Cost recovery.--If the Commission determines that 
     owners, operators, or users of the bulk-power system or of 
     defense critical electric infrastructure have incurred 
     substantial costs to comply with an order under this 
     subsection and that such costs were prudently incurred and 
     cannot reasonably be recovered through regulated rates or 
     market prices for the electric energy or services sold by 
     such owners, operators, or users, the Commission shall, after 
     notice and an opportunity for comment, establish a mechanism 
     that permits such owners, operators, or users to recover such 
     costs.
       ``(c) Measures to Address Grid Security Vulnerabilities.--
       ``(1) Commission authority.--If the Commission, in 
     consultation with appropriate Federal agencies, identifies a 
     grid security vulnerability that the Commission determines 
     has not adequately been addressed through a reliability 
     standard developed and approved under section 215, the 
     Commission shall, after notice and opportunity for comment 
     and after consultation with the Secretary, other appropriate 
     Federal agencies, and appropriate governmental authorities in 
     Canada and Mexico, promulgate a rule or issue an order 
     requiring implementation, by any owner, operator, or user of 
     the bulk-power system in the United States, of measures to 
     protect the bulk-power system against such vulnerability. 
     Before promulgating a rule or issuing an order under this 
     paragraph, the Commission shall, to the extent practicable in 
     light of the urgency of the need for action to address the 
     grid security vulnerability, request and consider 
     recommendations from the Electric Reliability Organization 
     regarding such rule or order. The Commission may establish an 
     appropriate deadline for the submission of such 
     recommendations.
       ``(2) Certain existing cybersecurity vulnerabilities.--Not 
     later than 180 days after the date of enactment of this 
     section, the Commission shall, after notice and opportunity 
     for comment and after consultation with the Secretary, other 
     appropriate Federal agencies, and appropriate governmental 
     authorities in Canada and Mexico, promulgate a rule or issue 
     an order requiring the implementation, by any owner, user, or 
     operator of the bulk-power system in the United States, of 
     such measures as are necessary to protect the bulk-power 
     system against the vulnerabilities identified in the June 21, 
     2007, communication to certain `Electricity Sector Owners and 
     Operators' from the North American Electric Reliability 
     Corporation, acting in its capacity as the Electricity Sector 
     Information and Analysis Center.
       ``(3) Rescission.--The Commission shall approve a 
     reliability standard developed under section 215 that 
     addresses a grid security vulnerability that is the subject 
     of a rule or order under paragraph (1) or (2), unless the 
     Commission determines that such reliability standard does not 
     adequately protect against such vulnerability or otherwise 
     does not satisfy the requirements of section 215. Upon such 
     approval, the Commission shall rescind the rule promulgated 
     or order issued under paragraph (1) or (2) addressing such 
     vulnerability, effective upon the effective date of the newly 
     approved reliability standard.
       ``(4) Geomagnetic storms.--Not later than 1 year after the 
     date of enactment of this section, the Commission shall, 
     after notice and an opportunity for comment and after 
     consultation with the Secretary and other appropriate Federal 
     agencies, issue an order directing the Electric Reliability 
     Organization to submit to the Commission for approval under 
     section 215, not later than 1 year after the issuance of such 
     order, reliability standards adequate to protect the bulk-
     power system from any reasonably foreseeable geomagnetic 
     storm event. The Commission's order shall specify the nature 
     and magnitude of the reasonably foreseeable events against 
     which such standards must protect. Such standards shall 
     appropriately balance the risks to the bulk-power system 
     associated with such events, including any regional variation 
     in such risks, and the costs of mitigating such risks.
       ``(5) Large transformer availability.--Not later than 1 
     year after the date of enactment of this section, the 
     Commission shall, after notice and an opportunity for comment 
     and after consultation with the Secretary and other 
     appropriate Federal agencies, issue an order directing the 
     Electric Reliability Organization to submit to the Commission 
     for approval under section 215, not later than 1 year after 
     the issuance of such order, reliability standards addressing 
     availability of large transformers. Such standards shall 
     require entities that own or operate large transformers to 
     ensure, individually or jointly, adequate availability of 
     large transformers to promptly restore the reliable operation 
     of the bulk-power system in the event that any such 
     transformer is destroyed or disabled as a result of a 
     reasonably foreseeable physical or other attack or 
     geomagnetic storm event. The Commission's order shall specify 
     the nature and magnitude of the reasonably foreseeable 
     attacks or events that shall provide the basis for such 
     standards. Such standards shall--
       ``(A) provide entities subject to the standards with the 
     option of meeting such standards individually or jointly; and
       ``(B) appropriately balance the risks associated with a 
     reasonably foreseeable attack or event, including any 
     regional variation in such risks, and the costs of ensuring 
     adequate availability of spare transformers.
       ``(d) Critical Defense Facilities.--
       ``(1) Designation.--Not later than 180 days after the date 
     of enactment of this section, the President shall designate, 
     in a written directive or determination provided to the 
     Commission, facilities located in the United States 
     (including the territories) that are--
       ``(A) critical to the defense of the United States; and
       ``(B) vulnerable to a disruption of the supply of electric 
     energy provided to such facility by an external provider.

     The number of facilities designated by such directive or 
     determination shall not exceed 100. The President may 
     periodically revise the list of designated facilities through 
     a subsequent written directive or determination provided to 
     the Commission, provided that the total number of designated 
     facilities at any time shall not exceed 100.
       ``(2) Commission authority.--If the Commission identifies a 
     defense critical electric infrastructure vulnerability that 
     the Commission, in consultation with owners and operators of 
     any facility or facilities designated by the President 
     pursuant to paragraph (1), determines has not adequately been 
     addressed through measures undertaken by owners or operators 
     of defense critical electric infrastructure, the Commission 
     shall, after notice and an opportunity for comment and after 
     consultation with the Secretary and other appropriate Federal 
     agencies, promulgate a rule or issue an order requiring 
     implementation, by any owner or operator of defense critical 
     electric infrastructure, of measures to protect the defense 
     critical electric infrastructure against such vulnerability. 
     The Commission shall exempt from any such rule or order any 
     specific defense critical electric infrastructure that the 
     Commission determines already has been adequately protected 
     against the identified vulnerability. The Commission shall 
     make any such determination in consultation with the owner or 
     operator of the facility designated by the President pursuant 
     to paragraph (1) that relies upon such defense critical 
     electric infrastructure.
       ``(3) Cost recovery.--An owner or operator of defense 
     critical electric infrastructure shall be required to take 
     measures under paragraph (2) only to the extent that the 
     owners or operators of a facility or facilities designated by 
     the President pursuant to paragraph (1) that rely upon such 
     infrastructure agree to bear the full incremental costs of 
     compliance with a rule promulgated or order issued under 
     paragraph (2).
       ``(e) Protection of Information.--
       ``(1) Prohibition of public disclosure of protected 
     information.--Protected information--
       ``(A) shall be exempt from disclosure under section 
     552(b)(3) of title 5, United States Code; and
       ``(B) shall not be made available pursuant to any State, 
     local, or tribal law requiring disclosure of information or 
     records.
       ``(2) Information sharing.--
       ``(A) In general.--Consistent with the Controlled 
     Unclassified Information framework established by the 
     President, the Commission shall promulgate such regulations 
     and issue such orders as necessary to designate protected 
     information and to prohibit the unauthorized disclosure of 
     such protected information.
       ``(B) Sharing of protected information.--The regulations 
     promulgated and orders issued pursuant to subparagraph (A) 
     shall provide standards for and facilitate the appropriate 
     sharing of protected information with, between, and by 
     Federal, State, local, and tribal authorities, the Electric 
     Reliability Organization, regional entities, and owners, 
     operators, and users of the bulk-

[[Page H4258]]

     power system in the United States and of defense critical 
     electric infrastructure. In promulgating such regulations and 
     issuing such orders, the Commission shall take account of the 
     role of State commissions in reviewing the prudence and cost 
     of investments within their respective jurisdictions. The 
     Commission shall consult with appropriate Canadian and 
     Mexican authorities to develop protocols for the sharing of 
     protected information with, between, and by appropriate 
     Canadian and Mexican authorities and owners, operators, and 
     users of the bulk-power system outside the United States.
       ``(3) Submission of information to congress.--Nothing in 
     this section shall permit or authorize the withholding of 
     information from Congress, any committee or subcommittee 
     thereof, or the Comptroller General.
       ``(4) Disclosure of non-protected information.--In 
     implementing this section, the Commission shall protect from 
     disclosure only the minimum amount of information necessary 
     to protect the reliability of the bulk-power system and of 
     defense critical electric infrastructure. The Commission 
     shall segregate protected information within documents and 
     electronic communications, wherever feasible, to facilitate 
     disclosure of information that is not designated as protected 
     information.
       ``(5) Duration of designation.--Information may not be 
     designated as protected information for longer than 5 years, 
     unless specifically redesignated by the Commission.
       ``(6) Removal of designation.--The Commission may remove 
     the designation of protected information, in whole or in 
     part, from a document or electronic communication if the 
     unauthorized disclosure of such information could no longer 
     be used to impair the reliability of the bulk-power system or 
     of defense critical electric infrastructure.
       ``(7) Judicial review of designations.--Notwithstanding 
     subsection (f) of this section or section 313, a person or 
     entity may seek judicial review of a determination by the 
     Commission concerning the designation of protected 
     information under this subsection exclusively in the district 
     court of the United States in the district in which the 
     complainant resides, or has his principal place of business, 
     or in the District of Columbia. In such a case the court 
     shall determine the matter de novo, and may examine the 
     contents of documents or electronic communications designated 
     as protected information in camera to determine whether such 
     documents or any part thereof were improperly designated as 
     protected information. The burden is on the Commission to 
     sustain its designation.
       ``(f) Judicial Review.--The Commission shall act 
     expeditiously to resolve all applications for rehearing of 
     orders issued pursuant to this section that are filed under 
     section 313(a). Any party seeking judicial review pursuant to 
     section 313 of an order issued under this section may obtain 
     such review only in the United States Court of Appeals for 
     the District of Columbia Circuit.
       ``(g) Provision of Assistance to Industry in Meeting Grid 
     Security Protection Needs.--
       ``(1) Expertise and resources.--The Secretary shall 
     establish a program, in consultation with other appropriate 
     Federal agencies, to develop technical expertise in the 
     protection of systems for the generation, transmission, and 
     distribution of electric energy against geomagnetic storms or 
     malicious acts using electronic communications or 
     electromagnetic pulse that would pose a substantial risk of 
     disruption to the operation of those electronic devices or 
     communications networks, including hardware, software, and 
     data, that are essential to the reliability of such systems. 
     Such program shall include the identification and development 
     of appropriate technical and electronic resources, including 
     hardware, software, and system equipment.
       ``(2) Sharing expertise.--As appropriate, the Secretary 
     shall offer to share technical expertise developed under the 
     program under paragraph (1), through consultation and 
     assistance, with owners, operators, or users of systems for 
     the generation, transmission, or distribution of electric 
     energy located in the United States and with State 
     commissions. In offering such support, the Secretary shall 
     assign higher priority to systems serving facilities 
     designated by the President pursuant to subsection (d)(1) and 
     other critical-infrastructure facilities, which the Secretary 
     shall identify in consultation with the Commission and other 
     appropriate Federal agencies.
       ``(3) Security clearances and communication.--The Secretary 
     shall facilitate and, to the extent practicable, expedite the 
     acquisition of adequate security clearances by key personnel 
     of any entity subject to the requirements of this section to 
     enable optimum communication with Federal agencies regarding 
     grid security threats, grid security vulnerabilities, and 
     defense critical electric infrastructure vulnerabilities. The 
     Secretary, the Commission, and other appropriate Federal 
     agencies shall, to the extent practicable and consistent with 
     their obligations to protect classified and protected 
     information, share timely actionable information regarding 
     grid security threats, grid security vulnerabilities, and 
     defense critical electric infrastructure vulnerabilities with 
     appropriate key personnel of owners, operators, and users of 
     the bulk-power system and of defense critical electric 
     infrastructure.
       ``(h) Certain Federal Entities.--For the 11-year period 
     commencing on the date of enactment of this section, the 
     Tennessee Valley Authority and the Bonneville Power 
     Administration shall be exempt from any requirement under 
     subsection (b) or (c) (except for any requirement addressing 
     a malicious act using electronic communication).''.
       (b) Conforming Amendments.--
       (1) Jurisdiction.--Section 201(b)(2) of the Federal Power 
     Act (16 U.S.C. 824(b)(2)) is amended by inserting ``215A,'' 
     after ``215,'' each place it appears.
       (2) Public utility.--Section 201(e) of the Federal Power 
     Act (16 U.S.C. 824(e)) is amended by inserting ``215A,'' 
     after ``215,''.

     SEC. 3. BUDGETARY COMPLIANCE.

       The budgetary effects of this Act, for the purpose of 
     complying with the Statutory Pay-As-You-Go Act of 2010, shall 
     be determined by reference to the latest statement titled 
     ``Budgetary Effects of PAYGO Legislation'' for this Act, 
     submitted for printing in the Congressional Record by the 
     Chairman of the House Budget Committee, provided that such 
     statement has been submitted prior to the vote on passage.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
Massachusetts (Mr. Markey) and the gentleman from Michigan (Mr. Upton) 
each will control 20 minutes.
  The Chair recognizes the gentleman from Massachusetts.


                             General Leave

  Mr. MARKEY of Massachusetts. Mr. Speaker, I ask unanimous consent 
that all Members may have 5 legislative days in which to revise and 
extend their remarks and include extraneous material in the Record.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Massachusetts?
  There was no objection.
  Mr. MARKEY of Massachusetts. Mr. Speaker, I yield myself such time as 
I may consume.
  Right now, Mr. Speaker, America's electric grid is vulnerable to 
cyber or other attacks by terrorists or hostile countries. Our 
adversaries are actively probing these weaknesses and already have the 
capacity to exploit them. The consequences of such an attack could be 
devastating. The commercially operated grid provides 99 percent of the 
power used by our defense facilities. Every one of our Nation's 
critical civilian systems--water, communications, health care, 
transportation, law enforcement, and financial services--depends on 
that grid. Classified Member briefings have underscored the urgency of 
this threat.
  The GRID Act, which has been produced out of the Energy and 
Environment Subcommittee of the Energy and Commerce Committee, working 
with Mr. Upton, the ranking member of the subcommittee, passed by a 
unanimous 47-0 vote. It is the product of months of bipartisan work led 
by Chairman Waxman and Ranking Members Barton and Upton. It reflects 
important work by Mr. Barrow and other members of the Energy and 
Commerce Committee and by Chairman Thompson, Representative Clarke--
Chairwoman Clarke--and others on the Homeland Security Committee. And 
it shows that when it comes to the nexus between national security and 
energy, all Americans agree that we must chart a more secure path.
  Mr. Speaker, I reserve the balance of my time.
  Mr. UPTON. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I, too, want to compliment the members on our committee, 
both Republican and Democrat, not only in our subcommittee that Mr. 
Markey chairs and I'm the ranking member, but also Chairman Waxman and 
Ranking Member Barton.
  This has been a multiyear effort; it really has. This bill is a 
product of that work. We've had a number of classified hearings and 
discussions and briefings over the last couple of years with Members 
attending for hours at a time. We've had some public hearings as well; 
and this bill is a product of that, which is exactly why the bill 
passed out of full committee 47-0 on a roll call vote.
  The security of our Nation's energy infrastructure from attack is one 
of the most important issues that this Congress might address this 
year, and it's not an issue that we can take lightly. Energy, as we 
know, electricity literally powers our economy in everything that we 
do. Even small price spikes and supply disruptions can wreak havoc on 
our economy for perhaps who knows how long, and it is imperative that 
the security of our Nation's energy infrastructure gets all of the 
attention that it deserves. This legislation is a step in the right 
direction

[[Page H4259]]

to protect our critical energy and defense infrastructure.
  Let me tell you a couple of things that this bill does. As it relates 
to cyber- and electromagnetic weapons, it gives FERC the authority to 
establish standards to protect the bulk power system against 
vulnerabilities to malicious acts using electronic communications or 
electromagnetic weapons.
  Geomagnetic storms: The bill requires FERC to direct NERC to submit 
for approval a reliability standard under section 215 to protect the 
bulk power infrastructure. And for large transformers, the bill 
requires FERC again to direct NERC to submit for approval a reliability 
standard under section 215 to require adequate availability of large 
transformers to ensure the reliability of the bulk power infrastructure 
in the event of a physical or other attack with a geomagnetic storm.

                              {time}  1100

  I would like to cite just a few words in a letter that was signed by 
some real national security experts--James Woolsey, Stephen Hadley, 
John Hamre, Rudy de Leon, James Schlesinger, William Perry, and Willy 
Schneider, Jr. It's an official-use only letter, so I cannot submit 
this letter for the Record or read more than just a few words.
  They say together: We strongly endorse the timely passage of this 
legislation in recognition that the electricity grid is a critical 
national security asset, the backbone of defense capability in modern 
civilization and also in recognition that the grid is vulnerable.
  The letter goes on: We don't want a vulnerable grid. We, as a 
society, cannot live with a vulnerable grid. This bill corrects many of 
the flaws in what could otherwise be standard operating procedure.
  Again, I applaud and thank Chairmen Waxman and Markey, Ranking Member 
Barton, and all of the members of our committee who have spent many 
hours to address this situation with this legislation.
  I reserve the balance of my time.
  Mr. MARKEY of Massachusetts. Mr. Speaker, I yield such time as he may 
consume to the chairman of the full Energy and Commerce Committee, the 
gentleman from the State of California (Mr. Waxman).
  Mr. WAXMAN. Mr. Speaker, I rise in support of the Grid Reliability 
and Infrastructure Defense Act.
  When it is signed by the President, this will be a bipartisan law, 
and it will be vital in protecting the Nation's electric grid from 
cyberattacks, from direct physical attacks, from electromagnetic 
pulses, and from solar storms.
  Beginning in the last Congress, on a bipartisan basis, a group of 
Members worked on this legislation--Ed Markey, Joe Barton, Fred Upton, 
and I. John Dingell and Rick Boucher have also played significant roles 
in developing the proposal. John Barrow had a very important part in 
this legislation as well. I commend all of them for working together 
with me in preparing for this legislation that we are presenting to our 
colleagues today.
  The staffs of both the majority and minority had extensive 
discussions with interested stakeholders and agencies. We worked with 
many Members to answer their questions, to address their concerns, and 
to consider their constructive suggestions. Their input has 
strengthened this bill. It has been a cooperative process that has 
produced strong bipartisan legislation. In fact, the Energy and 
Commerce Committee favorably reported the bill by a unanimous vote of 
47-0.
  Today, our electric grid simply isn't adequately protected from a 
range of potential threats in an emergency situation. Where the grid 
faces an imminent threat, the Federal Energy Regulatory Commission 
currently lacks the authority to require the necessary protective 
measures. There is also an ever-growing number of grid security 
vulnerabilities. These are weaknesses in the grid that could be 
exploited by criminals, by terrorists, or by other countries to damage 
our electric grid. There are weaknesses that even make the grid 
vulnerable to naturally occurring geomagnetic storms.
  This bipartisan legislation will provide the Federal Energy 
Regulatory Commission with the authorities it needs to address these 
threats. It also directs the Commission to look at the long-term 
threats, not just at the imminent threats, with standards written or 
approved by the Commission. In addition, the bill includes provisions 
that focus specifically on the portions of the grid that serve 
facilities critical to the defense of the United States.
  These are important national security and grid reliability issues. We 
have heard from the Defense Department, from former Defense 
Secretaries, from national security advisers, and from CIA Directors. 
They have told us that the changes made by this bill are critical to 
our national security, and the Congressional Budget Office confirms 
that the final bill is budget neutral.
  Today's legislation is an opportunity for all of us to work together, 
and I urge my colleagues to seize this opportunity and to support this 
important bipartisan legislation.
  Mr. UPTON. Mr. Speaker, I know that we have one other Member who 
wishes to speak, but I do not see him on the floor; so I continue to 
reserve the balance of my time.
  Mr. MARKEY of Massachusetts. Mr. Speaker, I yield 2 minutes to the 
gentleman from Georgia (Mr. Barrow), to whom Chairman Waxman has 
already made reference. Mr. Barrow is probably the longest-standing 
Member who has been working on this issue.
  Mr. BARROW. I thank the gentleman for yielding. I thank him for his 
work on this important subject.
  Mr. Speaker, the grid that generates and distributes electricity 
across our country is one of the engineering wonders of the world, but 
it took generations to build, and it grew up in peacetime, safely 
removed from any threat of physical attack by our enemies, and it was 
long before the Internet. Today, we use the Internet to run this vast 
infrastructure, and that leaves us vulnerable to a potentially 
devastating cyberattack.
  The GRID Act takes the first steps toward protecting our electric 
grid from those who want to do us harm. The necessary costs are modest 
compared to the cost of doing nothing. We cannot count on our enemies 
to wait for us. The threat is real, and the solution is in our hands, 
so I encourage my colleagues to support the bill.
  Mr. UPTON. In seeing that the Member is not here, I would ask again 
for a strong ``yea'' vote, and I would hope that our Senate colleagues 
are listening so that they will be able to move this legislation as 
quickly as possible.
  Mr. Speaker, I yield back the balance of my time.
  Mr. MARKEY of Massachusetts. Mr. Speaker, I yield 2 minutes to the 
gentleman from Rhode Island (Mr. Langevin), who, in the last Congress, 
was the chair of what is now the Emerging Threats Subcommittee on the 
Homeland Security Committee. I have worked with him under his 
leadership on these issues for years.
  (Mr. LANGEVIN asked and was given permission to revise and extend his 
remarks.)
  Mr. LANGEVIN. I thank the gentleman for yielding.
  Mr. Speaker, I rise today in strong support of H.R. 5026, legislation 
to protect our national electric grid system. I would particularly like 
to thank Chairman Markey for his outstanding leadership and dedication 
to this important national security issue. I know he has given great 
time and effort and thought to this, and I thank him for that.
  I would also like to thank Chairman Waxman for his attention to this 
issue.
  I would also like to recognize and to thank my good friend Mr. 
Thompson, chairman of the full Homeland Security Committee, for working 
with me in 2008 to hold hearings and to closely examine what actions 
our country must absolutely take to prevent attacks on our national 
security electric grid.
  Two years ago, I testified before Chairman Markey's subcommittee 
about the threats to our bulk power system from cyberattack. In the 
110th Congress, as chairman of the Homeland Security Subcommittee on 
Emerging Threats, Cybersecurity, and Science and Technology, I 
conducted a detailed and thorough examination of cyberthreats to our 
critical infrastructure, and I want to reiterate what I made clear in 
my testimony.
  I believe that America is still vulnerable to a cyberattack against 
the electric grid, which would cause severe damage, not only to our 
critical infrastructure, but also to our economy and

[[Page H4260]]

to the welfare of our citizens. The vast majority of our critical 
assets is in private hands. In many sectors, private entities are 
largely self-regulated and are responsible for developing and for 
implementing their own standards according to their own priorities.
  This bill will ensure that serious threats to our electric grid are 
addressed by giving the Federal Government the ability to require 
strong safety measures in our electric power system. It has the 
foresight to not only specifically focus on cyberthreats but also to 
focus on other potentially devastating issues, such as electromagnetic 
interference. These measures will help to ensure that we prepare for 
the worst case scenarios and that we protect our citizens in the case 
of a devastating attack or accident.
  So, again, I really want to thank Chairman Markey for his attention 
to this important issue, and I look forward to working with the Energy 
and Commerce Committee in continuing to raise awareness about securing 
our critical infrastructure and in protecting our citizens from 
cyberattack.
  Mr. Speaker, I rise today in support of H.R. 5026, legislation to 
protect our national electric grid system. I would like to thank 
Chairman Markey for his leadership on this important national security 
issue. I would also like to recognize my good friend and Chairman of 
the Homeland Security Committee, Mr. Thompson, for working with me in 
2008 to hold hearings and closely examine what actions our country must 
take to prevent attacks on our national grid.
  Two years ago, on September 11, 2008, I testified before Chairman 
Markey's Subcommittee about the threats to our bulk power system from 
cyber attack. In the 110th Congress, as Chairman of the Homeland 
Security Subcommittee on Emerging Threats, Cybersecurity, Science and 
Technology, I conducted a detailed and thorough examination of cyber 
threats to our critical infrastructure, and I want to reiterate what I 
made clear in my testimony. I believe America remains vulnerable to a 
cyber attack against the electric grid that would cause severe damage 
to not only our critical infrastructure, but also our economy and the 
welfare of our citizens.
  The vast majority of our critical assets are in private hands. In 
many sectors, private entities are largely self-regulated and are 
responsible for developing and implementing their own standards 
according to their own priorities. This bill will ensure that serious 
threats to our grid are addressed by giving relevant government 
agencies, such as the Department of Homeland Security, the ability to 
require strong safety measures in our electric power system. The bill 
also has the foresight to not only specifically focus on cyber threats 
but also on other potentially devastating issues such as 
electromagnetic interference. The scope of the bill includes the bulk 
power system, which should also protect critical distribution systems 
in major cities, like New York and Washington, DC from a cyber attack. 
Additionally, by empowering the Federal Energy Regulatory Commission, 
FERC, this legislation goes a long way to enabling a faster response by 
both government and industry in case of an imminent threat. These 
measures will help ensure that we prepare for worst-case scenarios and 
protect our citizens in the case of a devastating attack or 
catastrophe.
  I applaud the attention being focused on this issue by the Congress, 
and I want to once again thank Chairman Markey for his attention to 
this important issue. I look forward to working with the Energy and 
Commerce Committee and to securing our critical infrastructure and 
protecting our citizens from cyber attack.
  Mr. UPTON. Mr. Speaker, I ask unanimous consent to reclaim the 
balance of my time.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Michigan?
  There was no objection.
  Mr. UPTON. I yield 2 minutes to the distinguished gentleman from 
Maryland (Mr. Bartlett), who is in support of the bill.
  Mr. BARTLETT. Mr. Speaker, I rise in strong support of the bipartisan 
bill, H.R. 5026, which has been approved unanimously by a vote of 47-0 
by the Energy and Commerce Committee. That doesn't happen very often in 
today's Congress.
  According to the National Academy of Sciences, this bill is necessary 
because there is one event that we will not avoid, and that is solar 
geomagnetic interference--a solar storm. If--really, when--we have a 
big one like the Carrington event that occurred in 1859, this will shut 
down our whole grid. It would cost us only about $100 million to 
protect the grid from EMP. This investment won't be made without H.R. 
5026. The consequences of inaction are dire. If our grid is destroyed 
by EMP or by a Carrington event, which is an electromagnetic storm, the 
National Academies warn it will cost us between $1 trillion and $2 
trillion in damages, and it will take 4 to 10 years to recover.
  With the grid's being down, more or less, for 4 to 10 years, one can 
only imagine the consequences to our society. This is a really 
important bipartisan bill, and I rise in very strong support.
  Mr. MARKEY of Massachusetts. Mr. Speaker, I yield myself such time as 
I may consume.
  The GRID Act has three basic components.
  First, it establishes Federal authority to address emergency 
situations. If the President identifies an imminent threat to the bulk 
power system or to other parts of the grid that serve critical defense 
facilities, the Federal Energy Regulatory Commission can issue an 
emergency order requiring measures to protect against this threat. This 
authority covers threats from cyberattacks, from electromagnetic 
weapons, from direct physical attacks, or from solar storms.
  However, in many cases, we will not know about a cyberattack or other 
threat to the grid until it's too late. Accordingly, the GRID Act 
establishes measures to protect the grid against key vulnerabilities so 
that, if and when an emergency does happen, we are already prepared.
  Most importantly, if FERC identifies a vulnerability to a cyber or to 
an electromagnetic attack that has not adequately been addressed, it 
has the authority to require intrameasures to protect the bulk power 
system.
  The legislation also requires FERC, within 6 months of enactment, to 
establish measures to protect against the Aurora vulnerability to 
cyberattack. That vulnerability was identified nearly 3 years ago, but 
the current standard-setting process has not addressed it. That is 
unacceptable. It must be fixed.
  Ranking Member Upton and other members of our committee sat through a 
top secret briefing last October with regard to the threat that this 
Aurora vulnerability and that other vulnerabilities pose as potential 
threats to our country and which could be exploited by other countries 
or by subnational groups or by domestic terrorists. This is something 
that we must close. I think every Member in that top secret briefing 
left, having experienced a sobering moment in their lives, realizing 
the great responsibility we have to pass legislation that can deal with 
this problem.
  The GRID Act also deals with other critical vulnerabilities. Solar 
flares cause geomagnetic currents that can destroy large electric 
transformers. Experts agree that it is only a matter of time before we 
experience a solar storm large enough to bring down a large portion of 
the grid, potentially causing trillions of dollars in damage. In 
addition, the grid is highly vulnerable to attack because the large 
transformers upon which it relies are built overseas and can take years 
to replace. The GRID Act addresses these issues by requiring the 
development of reliability standards to protect against geomagnetic 
storms and to ensure the availability of adequate backup supplies of 
large transformers.
  Finally, the GRID Act gives FERC the authority to protect portions of 
the grid that serve the top 100 critical defense facilities against a 
cyber or an electromagnetic weapons attack.
  The amended version of the bill now before the House makes one change 
to the version reported out of committee. In order to make the bill 
deficit neutral, the amended bill exempts the Bonneville Power 
Administration and the Tennessee Valley Authority from requirements 
other than cyberprotections during the first 11 years after enactment. 
With this change, the Congressional Budget Office has determined that 
the bill will not affect direct Federal spending. The amended bill does 
not score.
  Colleagues, the electric grid's vulnerability to cyber and to other 
attacks is one of the single greatest threats to our national security. 
This bipartisan legislation is critical to empowering the Federal 
Government and the private sector with the capacities they

[[Page H4261]]

will need to protect us against that threat.

                              {time}  1115

  There are people plotting right now that, if they could, would 
exploit this vulnerability.
  I urge all Members to vote ``yes'' on the GRID Act. It is a moment 
that we must all come together in order to protect our country.
  Mr. Speaker, I reserve the balance of my time.
  Mr. UPTON. Mr. Speaker, I yield 2 minutes to the distinguished 
ranking member of the full committee, the gentleman from Texas (Mr. 
Barton), in support of the bill.
  Mr. BARTON of Texas. Mr. Speaker, I want to compliment Chairman 
Markey for referring to Mr. Upton as ``Chairman Upton.'' That may be a 
foreteller of things to come, and we appreciate his prescience in 
acknowledging that possibility.
  Mr. Speaker, I do rise in support of H.R. 5026, the Grid Reliability 
and Infrastructure Defense Act, better known as the GRID Act.
  This is an example of legislation that has come to the floor after a 
47-0 bipartisan vote in the Energy and Commerce Committee that shows 
what the Congress can do when Republicans are allowed into the room to 
help draft and put into place legislation. While it is a rare occasion 
in this Congress, it certainly is something that both sides of the 
aisle can be proud of.
  I want to especially commend Subcommittee Chairman Markey, Full 
Committee Chairman Waxman, Ranking Member Upton, and others on both 
sides of the aisle to make this day possible.
  Our electric grid is increasingly vulnerable to cyber attack, and if 
a nation-state or a terrorist group were successful in crippling our 
electric grid, it would have devastating consequences for our economy 
and our national defense. We've read news stories reporting allegations 
that spies may have penetrated the mechanisms that control our power 
supplies.
  Cybersecurity experts report that the ``smart grid'' we are counting 
on to improve reliability and enhance consumer choices could also 
increase our exposure to hackers in places like China and Russia. Our 
defense community is concerned about possible electromagnetic attacks 
from terrorist or hostile countries. We must take substantive action to 
address the susceptibility of our electric systems to such attacks. The 
stakes are just too high for us to do nothing.
  The GRID Act, Mr. Speaker, takes care of all these problems.
  The SPEAKER pro tempore. The time of the gentleman has expired.
  Mr. UPTON. I yield the gentleman 1 additional minute.
  Mr. BARTON of Texas. I appreciate the ranking member's yielding 
additional time.
  The GRID Act would shield both our bulk power system and the 
infrastructure serving critical defense facilities. The legislation 
authorizes the President to address imminent grid security threats 
through the Federal Energy Regulatory Commission, better known as FERC. 
It would give FERC the authority to issue notice-and-comment rule to 
address grid security vulnerabilities.
  As Mr. Markey pointed out, this bill is revenue-neutral. It does not 
increase the Federal deficit in any shape, form, or fashion. It is 
worthy of support.
  I want to repeat again, it came out the Energy and Commerce Committee 
47-0. I hope the House will unanimously vote for this and send it to 
the other body.
  Mr. MARKEY of Massachusetts. I thank the gentleman from Michigan for 
working with the majority in such a cooperative fashion. National 
defense is an area where we should be trying to cooperate, and this 
bill is a preeminent example of that happening in this Congress. And I 
want to thank him and the gentleman from Texas (Mr. Barton) for 
creating that atmosphere which made it possible.
  I think that this is a historic piece of legislation. Mr. Waxman and 
I and all of the Members on our side really do believe that this is the 
way Congress should work. I congratulate the gentleman for his work on 
it.
  I have no further requests for time, and I reserve the balance of my 
time.
  Mr. UPTON. Mr. Speaker, I yield myself the balance of my time.
  I just want to say, this is an issue that we sat down together for 
the last, actually, couple of years examining the facts. Many of us 
that particularly live in areas--for me, the Midwest, coming from 
Michigan, we had a devastating tornado come through this weekend, and 
for many of us, myself included, our electricity went out for a number 
of hours. And then a number of times, particularly during the winter 
and even in the summer where these electric storms that come through, 
sometimes the electricity may be out for a couple of days.
  We look to our friends down in Haiti who, many of them still may not 
have electricity after the devastating earthquake that hit there a 
number of months ago. Can you imagine if that happened here in this 
country, where, because of our grid vulnerabilities, you could be 
perhaps out of electricity for a year or 2, trying to get gasoline to 
get out of there, trying to get refrigeration for your food, trying to 
have a job, take care of your family?
  Some of us read the book ``The Road.'' Lots of different scenarios 
that are out there. We need to be prepared. This bill moves us down 
that road.
  And I again want to compliment my friend, Mr. Markey, to make sure 
that this legislation did move through. We had a lot of bipartisan 
support, a lot of eyes opened and ears too, particularly as we sat 
through some of those classified briefings. Let's hope that the Senate 
moves quickly, the President signs it swiftly, and, in fact, we can see 
legislation move to make sure that those scenarios remain that way and 
don't become realities.
  Mr. THOMPSON of Mississippi. Mr. Speaker, I rise today in support of 
H.R. 5026, the Grid Reliability and Infrastructure Defense--or GRID--
Act.
  As Chairman of the House Committee on Homeland Security, I am well 
aware of the need to protect our Nation's critical infrastructure.
  Our Committee has held numerous classified briefings and public 
hearings on threats to the electric grid. Again and again, we received 
testimony from expert witnesses that our Nation's electric grid has 
inadequate protections against cyber attacks and against significant 
disruptions from electromagnetic threats, EMP, such as solar storms and 
radio frequency devices.
  Further, the Federal Government does not have the authority to ensure 
its security, nor has it partnered effectively with the private sector 
to do so.
  Protecting our electric grid from EMP will require the best efforts 
from both government and industry. To date, the electric sector has had 
a difficult time protecting their assets from EMP threats because 
although the potential impacts are huge, the frequency of their 
occurrence is very low.
  This is one of those cases where government intervention seems 
necessary to protect our most important national critical 
infrastructure.
  Last year, I, along with my ranking member Peter King and many other 
bipartisan members of our Committee introduced H.R. 2195 to give the 
Federal Energy Regulatory Commission authority to require protections 
to be put in place for high impact, low frequency events.
  H.R. 5026 is the product of collaborative work between this Committee 
and our colleagues on the Energy and Commerce Committee, most notably 
Chairman Waxman and Representatives Markey and Barrow.
  Our electric grid is currently strained to capacity.
  We saw during the Northeast Blackout of 2003 what can happen when the 
strained system finally breaks. That blackout interrupted electricity 
delivery to 55 million people in the U.S. and Canada. Luckily, major 
outages only lasted a day or so.
  But just imagine what would happen if the power did not come back on 
for a week, or a month, or several months. What would happen?
  An elecromagnetic pulse could make such an incredible scenario a 
reality.
  The one that most people have heard about is from a high altitude 
burst of a nuclear weapon.
  Also of concern are smaller radio or microwave devices, usually 
termed ``Intentional Electromagnetic Interference'' or ``IEMI''.
  Of particular concern are ``geomagnetically induced currents'', GIC, 
caused by solar activity.
  A 2008 National Academy of Sciences report warned that our Sun will 
inevitably inflict a severe geomagnetic storm with the largest 
geographic footprint of any natural disaster. The damage caused by this 
event could be $1 trillion to $2 trillion, and recovery could take 4 to 
10 years.

[[Page H4262]]

  The next period of maximum solar activity is only two years away.
  From a homeland security perspective, it is important that we take an 
``all hazards'' approach to the risk and increase preparedness for both 
intentional and naturally occurring events.
  While some may argue that the threat of a high-altitude nuclear 
weapon burst perpetrated by a rogue state or a terrorist group is 
remote, I do not discount it. Given the high-consequence nature of such 
an attack, I take it very seriously.
  On the other hand, scientists tell us that the likelihood of a severe 
naturally occurring geomagnetic event capable of crippling our electric 
grid is 100 percent. It will happen; it is just a question of when.
  GIC is a natural occurrence just like earthquakes, wildfires, 
tornadoes or hurricanes.
  Similarly, geomagnetic storms occur from time to time as part of the 
natural activity of the Sun. One such storm, in 1989, disrupted power 
throughout most of Quebec, and resulted in auroras as far south as 
Texas.
  With the significant investments we are making in ``Green Energy'' 
and the ``Smart Grid'', we find ourselves at an opportune moment to 
protect our grid from an EMP and cyber attacks.
  As we expand and improve our grid, we must also build in physical and 
cyber protections from the start, and we must retrofit key elements of 
the existing grid in order to protect it.
  Federal authority and funding are needed if this effort is to 
succeed. H.R. 5026 represents a critical step forward in our efforts to 
meet these homeland security challenges and deserves support from this 
House.
  Therefore, I urge Members to join me and support H.R. 5026.
  Ms. CLARKE. Mr. Speaker, I rise today in strong support of H.R. 5026, 
the Grid Reliability and Infrastructure Defense Act, and urge my 
colleagues to support it. I thank my colleague Chairman Markey for 
bringing this important legislation to the floor.
  The GRID Act empowers the Federal Energy Regulatory Commission, in 
the event of a Presidential emergency declaration, to take actions 
needed to protect our grid.
  I have said this before but it bears repeating: A modern society is 
characterized by the presence of three things: clean available water, 
properly functioning sewage and sanitation services, and electricity.
  I would further assert that the way our present systems function, 
electricity is needed to power those other critical systems. So at a 
minimum, we rely on electricity to function as a modern society.
  It is our very reliance on this infrastructure that makes it an 
obvious target for attack. We know that many of our adversaries--from 
terrorist groups to nation states--have and continue to develop 
capabilities that would allow them to attack and destroy our grid at a 
time of their choosing.
  There are two significant threats to the electric grid. One is the 
threat of cyber attack. Many nation states, like Russia, China, North 
Korea, and Iran, have offensive cyber attack capabilities, while 
terrorist groups like Hezbollah and al Qaeda continue to work to 
develop capabilities to attack and destroy critical infrastructure like 
the electric grid through cyber means.
  If you believe intelligence sources, our grid is already compromised. 
An April 2009 article in the Wall Street Journal cited intelligence 
sources who claim that the grid has already been penetrated by cyber 
intruders from Russia and China who are positioned to activate 
malicious code that could destroy portions of the grid at their 
command.
  The other significant threat to the grid is the threat of a physical 
event that could come in the form of a natural or manmade 
Electromagnetic Pulse, known as EMP. The potentially devastating 
effects of an EMP to the grid are well documented.
  During the Cold War, the U.S. government simulated the effects of EMP 
on our infrastructure, because of the threat of nuclear weapons, which 
emit an EMP after detonation. Though we may no longer fear a nuclear 
attack from Soviet Russia, rogue adversaries (including North Korea and 
Iran) possess and test high altitude missiles that could potentially 
cause a catastrophic pulse across the grid.
  These are but two of the significant emerging threats we face in the 
21st century. Our adversaries openly discuss using these capabilities 
against the United States. According to its ``Cyber Warfare Doctrine,'' 
China's military strategy is designed to achieve global ``electronic 
dominance'' by 2050, to include the capability to disrupt financial 
markets, military and civilian comunications capabilities, and the 
electric grid prior to the initiation of traditional military 
operations.
  Cyber and physical attacks against the grid could both be 
catastrophic and incredibly destructive events, but they are not 
inevitable. Protections can--and must--be put in place ahead of time to 
mitigate the impact of these attacks.
  The time for action is now, support the GRID Act and help ensure 
America's future.
  Mr. UPTON. Mr. Speaker, I yield back the balance of my time.
  Mr. MARKEY of Massachusetts. I yield back the balance of my time with 
the urging of an ``aye'' vote by the Members.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from Massachusetts (Mr. Markey) that the House suspend the 
rules and pass the bill, H.R. 5026, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  The title was amended so as to read: ``A bill to amend the Federal 
Power Act to protect the bulk-power system and electric infrastructure 
critical to the defense of the United States against cybersecurity and 
other threats and vulnerabilities.''
  A motion to reconsider was laid on the table.

                          ____________________