[Congressional Record Volume 166, Number 169 (Tuesday, September 29, 2020)]
[House]
[Pages H4968-H4969]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                        CYBER SENSE ACT OF 2020

  Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 360) to require the Secretary of Energy to establish a 
voluntary Cyber Sense program to test the cybersecurity of products and 
technologies intended for use in the bulk-power system, and for other 
purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                                H.R. 360

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Cyber Sense Act of 2020''.

     SEC. 2. CYBER SENSE.

       (a) In General.--The Secretary of Energy, in coordination 
     with relevant Federal agencies, shall establish a voluntary 
     Cyber Sense program to test the cybersecurity of products and 
     technologies intended for use in the bulk-power system, as 
     defined in section 215(a) of the Federal Power Act (16 U.S.C. 
     824o(a)).
       (b) Program Requirements.--In carrying out subsection (a), 
     the Secretary of Energy shall--
       (1) establish a testing process under the Cyber Sense 
     program to test the cybersecurity of products and 
     technologies intended for use in the bulk-power system, 
     including products relating to industrial control systems and 
     operational technologies, such as supervisory control and 
     data acquisition systems;
       (2) for products and technologies tested under the Cyber 
     Sense program, establish and maintain cybersecurity 
     vulnerability reporting processes and a related database;
       (3) provide technical assistance to electric utilities, 
     product manufacturers, and other electricity sector 
     stakeholders to develop solutions to mitigate identified 
     cybersecurity vulnerabilities in products and technologies 
     tested under the Cyber Sense program;
       (4) biennially review products and technologies tested 
     under the Cyber Sense program for cybersecurity 
     vulnerabilities and provide analysis with respect to how such 
     products and technologies respond to and mitigate cyber 
     threats;
       (5) develop guidance, that is informed by analysis and 
     testing results under the Cyber Sense program, for electric 
     utilities for procurement of products and technologies;
       (6) provide reasonable notice to the public, and solicit 
     comments from the public, prior to establishing or revising 
     the testing process under the Cyber Sense program;
       (7) oversee testing of products and technologies under the 
     Cyber Sense program; and
       (8) consider incentives to encourage the use of analysis 
     and results of testing under the Cyber Sense program in the 
     design of products and technologies for use in the bulk-power 
     system.
       (c) Disclosure of Information.--Any cybersecurity 
     vulnerability reported pursuant to a process established 
     under subsection (b)(2), the disclosure of which the 
     Secretary of Energy reasonably foresees would cause harm to 
     critical electric infrastructure (as defined in section 215A 
     of the Federal Power Act), shall be deemed to be critical 
     electric infrastructure information for purposes of section 
     215A(d) of the Federal Power Act.
       (d) Federal Government Liability.--Nothing in this section 
     shall be construed to authorize the commencement of an action 
     against the United States Government with respect to the 
     testing of a product or technology under the Cyber Sense 
     program.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
Jersey (Mr. Pallone) and the gentleman from Oregon (Mr. Walden) each 
will control 20 minutes.
  The Chair recognizes the gentleman from New Jersey.


                             General Leave

  Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days in which to revise and extend their remarks 
and include extraneous material on H.R. 360.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New Jersey?
  There was no objection.
  Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise in support of H.R. 360, the Cyber Sense Act of 
2020.
  Grid security is a national security issue and one that is clearly 
and properly delegated under law to the Secretary of Energy to manage 
together with the industry. We must give the electric sector the tools 
and technologies necessary to protect our grid from malicious harm.
  Fortunately, there has not yet been a broad cyberattack that has 
taken down large parts of the grid in the United States, but we must 
not let our guard down.
  H.R. 360 gives the Department of Energy important and new authorities 
to facilitate more secure technologies and equipment in our Nation's 
grid. It also now requires the Secretary to coordinate with the 
Department of Homeland Security and other relevant Federal agencies in 
order to ensure smooth and seamless implementation across the Federal 
Government.
  This bill requires the Department of Energy to set up a voluntary 
Cyber Sense program to identify cyber-secure products that could be 
used in the bulk-power system.
  This program would also provide technical assistance to electric 
utilities and product manufacturers to assist them in developing 
solutions to mitigate cyber vulnerabilities in the grid.
  I thank my colleagues, Representative McNerney and Representative 
Latta, for their hard work on this critical issue. Their partnership 
and bipartisan leadership on cybersecurity matters continues to benefit 
us all.
  Mr. Speaker, I urge my colleagues to support this important bill, and 
I reserve the balance of my time.
  Mr. WALDEN. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, H.R. 360, the Cyber Sense Act, was authored and 
introduced by my Energy and Commerce Committee colleagues, Mr. Latta 
and Mr. McNerney.
  The bill was reported unanimously from the Energy and Commerce 
Committee to improve the cybersecurity of the supply chains for the 
components of our Nation's electricity infrastructure.
  To ensure the security of our Nation's electricity grid means we must 
ensure bulk-power system components and technologies are not vulnerable 
to cyber threats and attacks.
  This is especially important, given the threats our nation-state 
adversaries pose to the bulk-power and electric systems, as indicated 
by the President's May 1, 2020, executive order giving the Department 
of Energy authority to take action to protect the bulk-power system. 
This bill would help that effort.
  H.R. 360 would establish a voluntary Department of Energy program 
that identifies and promotes cyber-secure products intended for use in 
the bulk-power system, including products related to industrial control 
systems.
  The bill would authorize the Department of Energy to provide 
technical assistance to electric utilities, product manufacturers, and 
other electricity sector stakeholders to help mitigate identified 
cybersecurity vulnerabilities.
  The bill also was amended to make clear these efforts of the 
Department of Energy would include, as appropriate, other relevant 
Federal agencies like the Department of Homeland Security.
  Mr. Speaker, a vote for H.R. 360 is a vote for providing an important 
new tool to electric utility supply chains from cybersecurity threats. 
I urge support of the legislation, and I reserve the balance of my 
time.
  Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the 
gentleman from California (Mr. McNerney).
  Mr. McNERNEY. Mr. Speaker, for lawmakers to encourage and enable 
innovative advancements that can improve the security and reliability 
of our Nation's energy grid, we must work on a bipartisan basis, as the 
bills under consideration show.
  Fortunately, the modernization and innovation of our Nation's energy 
infrastructure is already under way. What was once a one-way delivery 
system has evolved into a dynamic network where information and energy 
flow both ways.
  Technological advancements are also born from the need to secure the 
energy grid against potential physical and cyber threats. For example, 
the technology allowing for the rerouting of power and quick response 
in the event of attacks is being deployed across the grid.
  The cooperation among Federal, State, and local governments is 
essential to protecting Americans and our

[[Page H4969]]

Nation's infrastructure. Given today's cyber environment, it is more 
important than ever that Congress pursue policies that continue to 
foster these exciting developments and support our grid infrastructure.
  This bill, the Cyber Sense Act of 2019, makes important headway in 
protecting our critical grid infrastructure. The Cyber Sense Act would 
create a voluntary program through the Department of Energy to identify 
cyber-secure products intended for use in the bulk-power grid through a 
testing and verification program.
  The bill also establishes a testing process for products, along with 
a reporting process for cyber vulnerabilities. It would require the 
Secretary of Energy to keep a related database on the products which 
will aid electric utilities that are evaluating products and their 
potential to cause harm to the electric grid.
  The bulk-power system supports American industry and provides all the 
benefits of reliable electric power to the American people. However, 
the increasing frequency of cyberattacks on industrial control systems 
of critical infrastructure importance continues to be a concern to the 
electric power sector.
  As the grid is modernized and the digital advantages afforded by 
internet connectivity are adopted, it is essential that we ensure these 
systems are as secure as possible. Any vulnerable component in the grid 
is a threat to our security, and this bill will go a long way to 
strengthening our system.
  I thank my colleague, Mr. Latta, for his partnership in our efforts 
as co-chairs of the Grid Innovation Caucus, and I look forward to 
continuing to work with him and others to ensure a more secure and 
resilient grid.
  Mr. Speaker, I urge my fellow Members to support this bill.
  Mr. WALDEN. Mr. Speaker, I yield such time as he may consume to the 
gentleman from Ohio (Mr. Latta), the coauthor of this bill.

                              {time}  1230

  Mr. LATTA. Mr. Speaker, I thank the gentleman, my friend, the ranking 
Republican Member of the Energy and Commerce Committee, for yielding.
  I rise in support of my legislation, H.R. 360, the Cyber Sense Act.
  This legislation is one of two bipartisan bills that my friend from 
California, Congressman McNerney, and I have worked on over the past 
two Congresses to improve the resiliency of our Nation's electric grid 
against cyberattacks. The second, H.R. 359, will be considered 
following this debate, and I urge my colleagues to also support it.
  Mr. Speaker, over the last quarter century, we have seen incredible 
changes in the way we communicate with the rest of the world and the 
way we engage in commerce. Along with these changes, we have also seen 
innovations in technologies that power society, resulting in a more 
efficient and streamlined electric grid.
  Our country's grid has maintained a high level of reliability as our 
society has undertaken these changes, which is a fact that should not 
be taken for granted.
  Unfortunately, the promise of a more interconnected society also 
means we must also address the challenges and vulnerabilities that 
arise with it. Every day, malignant actors, ranging from individuals, 
hackers, and foreign states, are attempting to exploit vulnerabilities 
in our electric grid to cause chaos or for other nefarious purposes.
  To improve and protect our Nation's grid, I introduced the Cyber 
Sense Act, which would create a voluntary Cyber Sense program within 
the United States Department of Energy to identify and promote cyber-
secure products for use in the bulk-power system. It would also 
establish a testing process for the products along with a reporting 
process of cybersecurity vulnerability.
  This legislation was unanimously reported out of the Energy and 
Commerce Committee last year and is supported by the Department of 
Energy, and industry.
  Mr. Speaker, I thank the full committee Chairman Pallone, 
Subcommittee Chairman Rush; the full committee Republican Ranking 
Member Walden, and also subcommittee Ranking Member Upton; and both the 
majority and minority E&C staff for helping us get these bills where 
they are today.
  Mr. Speaker, I urge my colleagues to support the Cyber Sense Act as 
well as H.R. 359.
  Mr. WALDEN. Mr. Speaker, I have no other speakers on this side. I 
would just encourage my colleagues to join me in supporting passage of 
H.R. 360.
  Mr. Speaker, I yield back the balance of my time.
  Mr. PALLONE. Mr. Speaker, I have no additional Members that wish to 
speak.
  Mr. Speaker, I enter into the Record a letter to the Speaker and the 
minority leader from the American Public Power Association, Edison 
Electric Institute, and the National Rural Electric Cooperative 
Association in support of this legislation.
                                               September 28, 2020.
     Hon. Nancy Pelosi,
     House of Representatives,
     Washington, DC.
     Hon. Kevin McCarthy,
     House of Representatives,
     Washington, DC.
       Dear Speaker Pelosi and Minority Leader McCarthy: We are 
     writing in support of full House consideration of three 
     electric grid security bills passed by the House Energy and 
     Commerce Committee: H.R. 359, the Enhancing Grid Security 
     through Public-Private Partnerships Act; H.R. 360, the Cyber 
     Sense Act of 2020; and H.R. 362, the Energy Emergency 
     Leadership Act.
       APPA is the national service organization for not-for-
     profit, community-owned utilities that power 2,000 towns and 
     cities nationwide. Public power utilities account for over 15 
     percent of all electric sales to over 49 million customers in 
     every state but Hawaii. EEI is the association that 
     represents all U.S. investor-owned electric companies. EEI 
     members provide electricity for about 220 million Americans, 
     and operate in all 50 states and the District of Columbia. 
     NRECA is the national service organization representing the 
     interests of cooperative electric utilities and the consumers 
     they serve. More than 900 not-for-profit rural electric 
     utilities provide electricity to over 42 million people in 48 
     states.
       Protecting and maintaining electric sector security and 
     reliability is a top priority for our associations and our 
     members. To keep up with evolving threats, the industry 
     welcomes close coordination with government partners. The 
     bills scheduled for consideration by the House this week are 
     aimed at strengthening our shared responsibility to protect 
     the nation's critical infrastructure. We are particularly 
     supportive of H.R. 359 and H.R. 362. H.R. 359 directs DOE to 
     establish a program to facilitate and encourage public-
     private partnerships to promote and advance the physical and 
     cybersecurity of the electric power sector. H.R. 362 would 
     amend the DOE Organization Act to include energy emergency 
     and energy security among the functions that the Secretary 
     assigns to an Assistant Secretary, with the intent to clarify 
     and codify the functions of DOE's Office of Cybersecurity, 
     Energy Security, and Emergency Response (CESER).
       Thank you for your consideration. We appreciate your 
     leadership and efforts to help improve the security of our 
     nation's electric grid.
           Sincerely,
     American Public Power Association.
     Edison Electric Institute.
     National Rural Electric Cooperative Association.

  Mr. PALLONE. Mr. Speaker, I ask my colleagues to support this 
important bill, and I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New Jersey (Mr. Pallone) that the House suspend the 
rules and pass the bill, H.R. 360, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  A motion to reconsider was laid on the table.

                          ____________________