[Congressional Record Volume 164, Number 200 (Wednesday, December 19, 2018)]
[Senate]
[Pages S7953-S7954]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                   SECURING ENERGY INFRASTRUCTURE ACT

  Mr. BOOZMAN. I ask unanimous consent that the Senate proceed to the 
immediate consideration of Calendar No. 410, S. 79.
  The PRESIDING OFFICER. The clerk will report the bill by title.
  The senior assistant legislative clerk read as follows:

       A bill (S. 79) to provide for the establishment of a pilot 
     program to identify security vulnerabilities of certain 
     entities in the energy sector.

  There being no objection, the Senate proceeded to consider the bill, 
which had been reported from the Committee on Energy and Natural 
Resources, with an amendment to strike all after the enacting clause 
and insert in lieu thereof the following:

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Securing Energy 
     Infrastructure Act''.

     SEC. 2. DEFINITIONS.

       In this Act:
       (1) Appropriate committee of congress.--The term 
     ``appropriate committee of Congress'' means--
       (A) the Select Committee on Intelligence, the Committee on 
     Homeland Security and Governmental Affairs, and the Committee 
     on Energy and Natural Resources of the Senate; and
       (B) the Permanent Select Committee on Intelligence, the 
     Committee on Homeland Security, and the Committee on Energy 
     and Commerce of the House of Representatives.
       (2) Covered entity.--The term ``covered entity'' means an 
     entity identified pursuant to section 9(a) of Executive Order 
     13636 of February 12, 2013 (78 Fed. Reg. 11742), relating to 
     identification of critical infrastructure where a 
     cybersecurity incident could reasonably result in 
     catastrophic regional or national effects on public health or 
     safety, economic security, or national security.
       (3) Exploit.--The term ``exploit'' means a software tool 
     designed to take advantage of a security vulnerability.
       (4) Industrial control system.--
       (A) In general.--The term ``industrial control system'' 
     means an operational technology used to measure, control, or 
     manage industrial functions.
       (B) Inclusions.--The term ``industrial control system'' 
     includes supervisory control and data acquisition systems, 
     distributed control systems, and programmable logic or 
     embedded controllers.
       (5) National laboratory.--The term ``National Laboratory'' 
     has the meaning given the term in section 2 of the Energy 
     Policy Act of 2005 (42 U.S.C. 15801).
       (6) Program.--The term ``Program'' means the pilot program 
     established under section 3.
       (7) Secretary.--The term ``Secretary'' means the Secretary 
     of Energy.
       (8) Security vulnerability.--The term ``security 
     vulnerability'' means any attribute of hardware, software, 
     process, or procedure that could enable or facilitate the 
     defeat of a security control.

     SEC. 3. PILOT PROGRAM FOR SECURING ENERGY INFRASTRUCTURE.

       Not later than 180 days after the date of enactment of this 
     Act, the Secretary shall establish a 2-year control systems 
     implementation pilot program within the National Laboratories 
     for the purposes of--
       (1) partnering with covered entities in the energy sector 
     (including critical component manufacturers in the supply 
     chain) that voluntarily participate in the Program to 
     identify new classes of security vulnerabilities of the 
     covered entities; and
       (2) evaluating technology and standards, in partnership 
     with covered entities, to isolate and defend industrial 
     control systems of covered entities from security 
     vulnerabilities and exploits in the most critical systems of 
     the covered entities, including--
       (A) analog and nondigital control systems;
       (B) purpose-built control systems; and
       (C) physical controls.

     SEC. 4. WORKING GROUP TO EVALUATE PROGRAM STANDARDS AND 
                   DEVELOP STRATEGY.

       (a) Establishment.--The Secretary shall establish a working 
     group--
       (1) to evaluate the technology and standards used in the 
     Program under section 3(2); and
       (2) to develop a national cyber-informed engineering 
     strategy to isolate and defend covered entities from security 
     vulnerabilities and exploits in the most critical systems of 
     the covered entities.
       (b) Membership.--The working group established under 
     subsection (a) shall be composed of not fewer than 10 
     members, to be appointed by the Secretary, at least 1 member 
     of which shall represent each of the following:
       (1) The Department of Energy.
       (2) The energy industry, including electric utilities and 
     manufacturers recommended by the Energy Sector coordinating 
     councils.
       (3)(A) The Department of Homeland Security; or
       (B) the Industrial Control Systems Cyber Emergency Response 
     Team.
       (4) The North American Electric Reliability Corporation.
       (5) The Nuclear Regulatory Commission.
       (6)(A) The Office of the Director of National Intelligence; 
     or
       (B) the intelligence community (as defined in section 3 of 
     the National Security Act of 1947 (50 U.S.C. 3003)).
       (7)(A) The Department of Defense; or
       (B) the Assistant Secretary of Defense for Homeland 
     Security and America's Security Affairs.
       (8) A State or regional energy agency.
       (9) A national research body or academic institution.
       (10) The National Laboratories.

     SEC. 5. REPORTS ON THE PROGRAM.

       (a) Interim Report.--Not later than 180 days after the date 
     on which funds are first disbursed under the Program, the 
     Secretary shall submit to the appropriate committees of 
     Congress an interim report that--
       (1) describes the results of the Program;
       (2) includes an analysis of the feasibility of each method 
     studied under the Program; and
       (3) describes the results of the evaluations conducted by 
     the working group established under section 4(a).
       (b) Final Report.--Not later than 2 years after the date on 
     which funds are first disbursed under the Program, the 
     Secretary shall submit to the appropriate committees of 
     Congress a final report that--
       (1) describes the results of the Program;
       (2) includes an analysis of the feasibility of each method 
     studied under the Program; and
       (3) describes the results of the evaluations conducted by 
     the working group established under section 4(a).

     SEC. 6. EXEMPTION FROM DISCLOSURE.

       Information shared by or with the Federal Government or a 
     State, Tribal, or local government under this Act shall be--
       (1) deemed to be voluntarily shared information;
       (2) exempt from disclosure under section 552 of title 5, 
     United States Code, or any provision of any State, Tribal, or 
     local freedom of information law, open government law, open 
     meetings law, open records law, sunshine law, or similar law 
     requiring the disclosure of information or records; and
       (3) withheld from the public, without discretion, under 
     section 552(b)(3) of title 5, United States Code, or any 
     provision of a State, Tribal, or local law requiring the 
     disclosure of information or records.

     SEC. 7. PROTECTION FROM LIABILITY.

       (a) In General.--A cause of action against a covered entity 
     for engaging in the voluntary activities authorized under 
     section 3--
       (1) shall not lie or be maintained in any court; and

[[Page S7954]]

       (2) shall be promptly dismissed by the applicable court.
       (b) Voluntary Activities.--Nothing in this Act subjects any 
     covered entity to liability for not engaging in the voluntary 
     activities authorized under section 3.

     SEC. 8. NO NEW REGULATORY AUTHORITY FOR FEDERAL AGENCIES.

       Nothing in this Act authorizes the Secretary or the head of 
     any other department or agency of the Federal Government to 
     issue new regulations.

     SEC. 9. AUTHORIZATION OF APPROPRIATIONS.

       (a) Pilot Program.--There is authorized to be appropriated 
     $10,000,000 to carry out section 3.
       (b) Working Group and Report.--There is authorized to be 
     appropriated $1,500,000 to carry out sections 4 and 5.
       (c) Availability.--Amounts made available under subsections 
     (a) and (b) shall remain available until expended.
  Mr. BOOZMAN. I ask unanimous consent that the committee-reported 
substitute amendment be agreed to and that the bill, as amended, be 
considered read a third time.
  The PRESIDING OFFICER. Without objection, it is so ordered.
  The committee-reported amendment in the nature of a substitute was 
agreed to.
  The bill was ordered to be engrossed for a third reading and was read 
the third time.
  Mr. BOOZMAN. I know of no further debate on the bill.
  The PRESIDING OFFICER. The bill having been read the third time, the 
question is, Shall the bill pass?
  The bill (S. 79), as amended, was passed.
  Mr. BOOZMAN. I ask unanimous consent that the motion to reconsider be 
considered made and laid upon the table.
  The PRESIDING OFFICER. Without objection, it is so ordered.

                          ____________________