[Congressional Record Volume 166, Number 169 (Tuesday, September 29, 2020)]
[House]
[Pages H4968-H4969]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
CYBER SENSE ACT OF 2020
Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the
bill (H.R. 360) to require the Secretary of Energy to establish a
voluntary Cyber Sense program to test the cybersecurity of products and
technologies intended for use in the bulk-power system, and for other
purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 360
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cyber Sense Act of 2020''.
SEC. 2. CYBER SENSE.
(a) In General.--The Secretary of Energy, in coordination
with relevant Federal agencies, shall establish a voluntary
Cyber Sense program to test the cybersecurity of products and
technologies intended for use in the bulk-power system, as
defined in section 215(a) of the Federal Power Act (16 U.S.C.
824o(a)).
(b) Program Requirements.--In carrying out subsection (a),
the Secretary of Energy shall--
(1) establish a testing process under the Cyber Sense
program to test the cybersecurity of products and
technologies intended for use in the bulk-power system,
including products relating to industrial control systems and
operational technologies, such as supervisory control and
data acquisition systems;
(2) for products and technologies tested under the Cyber
Sense program, establish and maintain cybersecurity
vulnerability reporting processes and a related database;
(3) provide technical assistance to electric utilities,
product manufacturers, and other electricity sector
stakeholders to develop solutions to mitigate identified
cybersecurity vulnerabilities in products and technologies
tested under the Cyber Sense program;
(4) biennially review products and technologies tested
under the Cyber Sense program for cybersecurity
vulnerabilities and provide analysis with respect to how such
products and technologies respond to and mitigate cyber
threats;
(5) develop guidance, that is informed by analysis and
testing results under the Cyber Sense program, for electric
utilities for procurement of products and technologies;
(6) provide reasonable notice to the public, and solicit
comments from the public, prior to establishing or revising
the testing process under the Cyber Sense program;
(7) oversee testing of products and technologies under the
Cyber Sense program; and
(8) consider incentives to encourage the use of analysis
and results of testing under the Cyber Sense program in the
design of products and technologies for use in the bulk-power
system.
(c) Disclosure of Information.--Any cybersecurity
vulnerability reported pursuant to a process established
under subsection (b)(2), the disclosure of which the
Secretary of Energy reasonably foresees would cause harm to
critical electric infrastructure (as defined in section 215A
of the Federal Power Act), shall be deemed to be critical
electric infrastructure information for purposes of section
215A(d) of the Federal Power Act.
(d) Federal Government Liability.--Nothing in this section
shall be construed to authorize the commencement of an action
against the United States Government with respect to the
testing of a product or technology under the Cyber Sense
program.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New
Jersey (Mr. Pallone) and the gentleman from Oregon (Mr. Walden) each
will control 20 minutes.
The Chair recognizes the gentleman from New Jersey.
General Leave
Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members
may have 5 legislative days in which to revise and extend their remarks
and include extraneous material on H.R. 360.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from New Jersey?
There was no objection.
Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I rise in support of H.R. 360, the Cyber Sense Act of
2020.
Grid security is a national security issue and one that is clearly
and properly delegated under law to the Secretary of Energy to manage
together with the industry. We must give the electric sector the tools
and technologies necessary to protect our grid from malicious harm.
Fortunately, there has not yet been a broad cyberattack that has
taken down large parts of the grid in the United States, but we must
not let our guard down.
H.R. 360 gives the Department of Energy important and new authorities
to facilitate more secure technologies and equipment in our Nation's
grid. It also now requires the Secretary to coordinate with the
Department of Homeland Security and other relevant Federal agencies in
order to ensure smooth and seamless implementation across the Federal
Government.
This bill requires the Department of Energy to set up a voluntary
Cyber Sense program to identify cyber-secure products that could be
used in the bulk-power system.
This program would also provide technical assistance to electric
utilities and product manufacturers to assist them in developing
solutions to mitigate cyber vulnerabilities in the grid.
I thank my colleagues, Representative McNerney and Representative
Latta, for their hard work on this critical issue. Their partnership
and bipartisan leadership on cybersecurity matters continues to benefit
us all.
Mr. Speaker, I urge my colleagues to support this important bill, and
I reserve the balance of my time.
Mr. WALDEN. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, H.R. 360, the Cyber Sense Act, was authored and
introduced by my Energy and Commerce Committee colleagues, Mr. Latta
and Mr. McNerney.
The bill was reported unanimously from the Energy and Commerce
Committee to improve the cybersecurity of the supply chains for the
components of our Nation's electricity infrastructure.
To ensure the security of our Nation's electricity grid means we must
ensure bulk-power system components and technologies are not vulnerable
to cyber threats and attacks.
This is especially important, given the threats our nation-state
adversaries pose to the bulk-power and electric systems, as indicated
by the President's May 1, 2020, executive order giving the Department
of Energy authority to take action to protect the bulk-power system.
This bill would help that effort.
H.R. 360 would establish a voluntary Department of Energy program
that identifies and promotes cyber-secure products intended for use in
the bulk-power system, including products related to industrial control
systems.
The bill would authorize the Department of Energy to provide
technical assistance to electric utilities, product manufacturers, and
other electricity sector stakeholders to help mitigate identified
cybersecurity vulnerabilities.
The bill also was amended to make clear these efforts of the
Department of Energy would include, as appropriate, other relevant
Federal agencies like the Department of Homeland Security.
Mr. Speaker, a vote for H.R. 360 is a vote for providing an important
new tool to electric utility supply chains from cybersecurity threats.
I urge support of the legislation, and I reserve the balance of my
time.
Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the
gentleman from California (Mr. McNerney).
Mr. McNERNEY. Mr. Speaker, for lawmakers to encourage and enable
innovative advancements that can improve the security and reliability
of our Nation's energy grid, we must work on a bipartisan basis, as the
bills under consideration show.
Fortunately, the modernization and innovation of our Nation's energy
infrastructure is already under way. What was once a one-way delivery
system has evolved into a dynamic network where information and energy
flow both ways.
Technological advancements are also born from the need to secure the
energy grid against potential physical and cyber threats. For example,
the technology allowing for the rerouting of power and quick response
in the event of attacks is being deployed across the grid.
The cooperation among Federal, State, and local governments is
essential to protecting Americans and our
[[Page H4969]]
Nation's infrastructure. Given today's cyber environment, it is more
important than ever that Congress pursue policies that continue to
foster these exciting developments and support our grid infrastructure.
This bill, the Cyber Sense Act of 2019, makes important headway in
protecting our critical grid infrastructure. The Cyber Sense Act would
create a voluntary program through the Department of Energy to identify
cyber-secure products intended for use in the bulk-power grid through a
testing and verification program.
The bill also establishes a testing process for products, along with
a reporting process for cyber vulnerabilities. It would require the
Secretary of Energy to keep a related database on the products which
will aid electric utilities that are evaluating products and their
potential to cause harm to the electric grid.
The bulk-power system supports American industry and provides all the
benefits of reliable electric power to the American people. However,
the increasing frequency of cyberattacks on industrial control systems
of critical infrastructure importance continues to be a concern to the
electric power sector.
As the grid is modernized and the digital advantages afforded by
internet connectivity are adopted, it is essential that we ensure these
systems are as secure as possible. Any vulnerable component in the grid
is a threat to our security, and this bill will go a long way to
strengthening our system.
I thank my colleague, Mr. Latta, for his partnership in our efforts
as co-chairs of the Grid Innovation Caucus, and I look forward to
continuing to work with him and others to ensure a more secure and
resilient grid.
Mr. Speaker, I urge my fellow Members to support this bill.
Mr. WALDEN. Mr. Speaker, I yield such time as he may consume to the
gentleman from Ohio (Mr. Latta), the coauthor of this bill.
{time} 1230
Mr. LATTA. Mr. Speaker, I thank the gentleman, my friend, the ranking
Republican Member of the Energy and Commerce Committee, for yielding.
I rise in support of my legislation, H.R. 360, the Cyber Sense Act.
This legislation is one of two bipartisan bills that my friend from
California, Congressman McNerney, and I have worked on over the past
two Congresses to improve the resiliency of our Nation's electric grid
against cyberattacks. The second, H.R. 359, will be considered
following this debate, and I urge my colleagues to also support it.
Mr. Speaker, over the last quarter century, we have seen incredible
changes in the way we communicate with the rest of the world and the
way we engage in commerce. Along with these changes, we have also seen
innovations in technologies that power society, resulting in a more
efficient and streamlined electric grid.
Our country's grid has maintained a high level of reliability as our
society has undertaken these changes, which is a fact that should not
be taken for granted.
Unfortunately, the promise of a more interconnected society also
means we must also address the challenges and vulnerabilities that
arise with it. Every day, malignant actors, ranging from individuals,
hackers, and foreign states, are attempting to exploit vulnerabilities
in our electric grid to cause chaos or for other nefarious purposes.
To improve and protect our Nation's grid, I introduced the Cyber
Sense Act, which would create a voluntary Cyber Sense program within
the United States Department of Energy to identify and promote cyber-
secure products for use in the bulk-power system. It would also
establish a testing process for the products along with a reporting
process of cybersecurity vulnerability.
This legislation was unanimously reported out of the Energy and
Commerce Committee last year and is supported by the Department of
Energy, and industry.
Mr. Speaker, I thank the full committee Chairman Pallone,
Subcommittee Chairman Rush; the full committee Republican Ranking
Member Walden, and also subcommittee Ranking Member Upton; and both the
majority and minority E&C staff for helping us get these bills where
they are today.
Mr. Speaker, I urge my colleagues to support the Cyber Sense Act as
well as H.R. 359.
Mr. WALDEN. Mr. Speaker, I have no other speakers on this side. I
would just encourage my colleagues to join me in supporting passage of
H.R. 360.
Mr. Speaker, I yield back the balance of my time.
Mr. PALLONE. Mr. Speaker, I have no additional Members that wish to
speak.
Mr. Speaker, I enter into the Record a letter to the Speaker and the
minority leader from the American Public Power Association, Edison
Electric Institute, and the National Rural Electric Cooperative
Association in support of this legislation.
September 28, 2020.
Hon. Nancy Pelosi,
House of Representatives,
Washington, DC.
Hon. Kevin McCarthy,
House of Representatives,
Washington, DC.
Dear Speaker Pelosi and Minority Leader McCarthy: We are
writing in support of full House consideration of three
electric grid security bills passed by the House Energy and
Commerce Committee: H.R. 359, the Enhancing Grid Security
through Public-Private Partnerships Act; H.R. 360, the Cyber
Sense Act of 2020; and H.R. 362, the Energy Emergency
Leadership Act.
APPA is the national service organization for not-for-
profit, community-owned utilities that power 2,000 towns and
cities nationwide. Public power utilities account for over 15
percent of all electric sales to over 49 million customers in
every state but Hawaii. EEI is the association that
represents all U.S. investor-owned electric companies. EEI
members provide electricity for about 220 million Americans,
and operate in all 50 states and the District of Columbia.
NRECA is the national service organization representing the
interests of cooperative electric utilities and the consumers
they serve. More than 900 not-for-profit rural electric
utilities provide electricity to over 42 million people in 48
states.
Protecting and maintaining electric sector security and
reliability is a top priority for our associations and our
members. To keep up with evolving threats, the industry
welcomes close coordination with government partners. The
bills scheduled for consideration by the House this week are
aimed at strengthening our shared responsibility to protect
the nation's critical infrastructure. We are particularly
supportive of H.R. 359 and H.R. 362. H.R. 359 directs DOE to
establish a program to facilitate and encourage public-
private partnerships to promote and advance the physical and
cybersecurity of the electric power sector. H.R. 362 would
amend the DOE Organization Act to include energy emergency
and energy security among the functions that the Secretary
assigns to an Assistant Secretary, with the intent to clarify
and codify the functions of DOE's Office of Cybersecurity,
Energy Security, and Emergency Response (CESER).
Thank you for your consideration. We appreciate your
leadership and efforts to help improve the security of our
nation's electric grid.
Sincerely,
American Public Power Association.
Edison Electric Institute.
National Rural Electric Cooperative Association.
Mr. PALLONE. Mr. Speaker, I ask my colleagues to support this
important bill, and I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from New Jersey (Mr. Pallone) that the House suspend the
rules and pass the bill, H.R. 360, as amended.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill, as amended, was passed.
A motion to reconsider was laid on the table.
____________________