[Congressional Record Volume 166, Number 169 (Tuesday, September 29, 2020)]
[House]
[Pages H4969-H4971]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT
Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the
bill (H.R. 359) to provide for certain programs and developments in the
Department of Energy concerning the cybersecurity and vulnerabilities
of, and physical threats to, the electric grid, and for other purposes,
as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 359
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
[[Page H4970]]
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Enhancing Grid Security
through Public-Private Partnerships Act''.
SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND
CYBERSECURITY OF ELECTRIC UTILITIES.
(a) Establishment.--The Secretary of Energy, in
coordination with relevant Federal agencies and in
consultation with State regulatory authorities, industry
stakeholders, and the Electric Reliability Organization, as
the Secretary determines appropriate, shall carry out a
program to--
(1) develop, and provide for voluntary implementation of,
maturity models, self-assessments, and auditing methods for
assessing the physical security and cybersecurity of electric
utilities;
(2) provide training to electric utilities to address and
mitigate cybersecurity supply chain management risks;
(3) increase opportunities for sharing best practices and
data collection within the electric sector;
(4) assist with cybersecurity training for electric
utilities;
(5) advance the cybersecurity of third-party vendors that
work in partnerships with electric utilities; and
(6) provide technical assistance for electric utilities
subject to the program.
(b) Scope.--In carrying out the program under subsection
(a), the Secretary of Energy shall--
(1) take into consideration different sizes of electric
utilities and the regions that such electric utilities serve;
(2) prioritize electric utilities with fewer available
resources due to size or region; and
(3) to the extent practicable, utilize and leverage
existing Department of Energy programs.
(c) Protection of Information.--Information provided to, or
collected by, the Federal Government pursuant to this
section--
(1) shall be exempt from disclosure under section 552(b)(3)
of title 5, United States Code; and
(2) shall not be made available by any Federal, State,
political subdivision or tribal authority pursuant to any
Federal, State, political subdivision, or tribal law
requiring public disclosure of information or records.
SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS.
(a) In General.--The Secretary of Energy, in coordination
with relevant Federal agencies and in consultation with State
regulatory authorities, industry stakeholders, and the
Electric Reliability Organization, as the Secretary
determines appropriate, shall submit to Congress a report
that assesses--
(1) priorities, policies, procedures, and actions for
enhancing the physical security and cybersecurity of
electricity distribution systems to address threats to, and
vulnerabilities of, such electricity distribution systems;
and
(2) implementation of such priorities, policies,
procedures, and actions, including an estimate of potential
costs and benefits of such implementation, including any
public-private cost-sharing opportunities.
(b) Protection of Information.--Information provided to, or
collected by, the Federal Government pursuant to this
section--
(1) shall be exempt from disclosure under section 552(b)(3)
of title 5, United States Code; and
(2) shall not be made available by any Federal, State,
political subdivision or tribal authority pursuant to any
Federal, State, political subdivision, or tribal law
requiring public disclosure of information or records.
SEC. 4. ELECTRICITY INTERRUPTION INFORMATION.
(a) Interruption Cost Estimate Calculator.--The Secretary
of Energy, in coordination with relevant Federal agencies and
in consultation with State regulatory authorities, industry
stakeholders, and the Electric Reliability Organization, as
the Secretary determines appropriate, shall update the
Interruption Cost Estimate Calculator, as often as
appropriate and feasible, but not less than once every 2
years.
(b) Indices.--The Secretary of Energy, in coordination with
relevant Federal agencies and in consultation with State
regulatory authorities, industry stakeholders, and the
Electric Reliability Organization, as the Secretary
determines appropriate, shall, as often as appropriate and
feasible, update the following:
(1) The System Average Interruption Duration Index.
(2) The System Average Interruption Frequency Index.
(3) The Customer Average Interruption Duration Index.
(c) Survey.--The Administrator of the Energy Information
Administration shall collect information on electricity
interruption costs, if available, from a representative
sample of owners of electric grid assets through a biennial
survey.
SEC. 5. DEFINITIONS.
In the Act, the following definitions apply:
(1) Electric reliability organization.--The term ``Electric
Reliability Organization'' has the meaning given such term in
section 215(a)(2) of the Federal Power Act (16 U.S.C.
824o(a)(2)).
(2) Electric utility.--The term ``electric utility'' has
the meaning given such term in section 3 of the Federal Power
Act (16 U.S.C. 796).
(3) State regulatory authority.--The term ``State
regulatory authority'' has the meaning given such term in
section 3 of the Federal Power Act (16 U.S.C. 796).
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New
Jersey (Mr. Pallone) and the gentleman from Oregon (Mr. Walden) each
will control 20 minutes.
The Chair recognizes the gentleman from New Jersey.
General Leave
Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members
may have 5 legislative days in which to revise and extend their remarks
and include extraneous material on H.R. 359.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from New Jersey?
There was no objection.
Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I want to begin by acknowledging the leadership of two
of my Energy and Commerce Committee colleagues, Representative McNerney
of California and Representative Latta of Ohio, for introducing H.R.
359, the Enhancing Grid Security Through Public-Private Partnerships
Act.
This bill will go a long way in addressing both the physical and
cybersecurity of the Nation's utilities.
H.R. 359 directs the Secretary of Energy, in consultation with the
Electric Reliability Organization, States, other Federal agencies, and
industry stakeholders, to create and implement a program to enhance the
physical and cybersecurity of electric utilities.
Now, some of the critical provisions within this bill include the
voluntary implementation of self-assessments, maturity modeling, and
auditing.
This bill also includes cybersecurity training in order to help
mitigate supply chain risk.
Utilities would also be encouraged to share best practices and data
collection within the electric sector, while also improving the
cybersecurity of third-party utility vendors.
H.R. 359 also directs the Secretary of Energy to deliver a report to
Congress on general cybersecurity concerns and distribution systems.
Any information that is provided to the Department of Energy under
this program would be protected to ensure the confidentiality of this
sensitive information. And like the other two cybersecurity bills we
already have passed today; this legislation requires the Secretary of
Energy to coordinate with the Department of Homeland Security and other
relevant Federal agencies to ensure good communication and smooth
implementation across the government.
Finally, Mr. Speaker, the bill instructs the Secretary of Energy to
update the Interruption Cost Estimate, or ICE, Calculator at least once
every 2 years.
The ICE Calculator, which was developed through a partnership between
the Department of Energy's Lawrence Berkeley Lab and Nexant, Inc., is
an electric reliability planning tool that can be used for estimating
electricity interruption costs and the benefits associated with
reliability improvements.
So, Mr. Speaker, H.R. 359 is an important piece of legislation that
will help address the security of America's electric utilities, and I
urge all my colleagues to support this bill.
Mr. Speaker, I reserve the balance of my time.
Mr. WALDEN. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, H.R. 359, the Enhancing Grid Security Through Public-
Private Partnerships Act, was authored by my Energy and Commerce
Committee colleagues Mr. McNerney and Mr. Latta.
The bill was reported unanimously from the Energy and Commerce
Committee as an important measure for strengthening the cybersecurity
and resilience in the energy systems used to deliver power to our homes
and businesses.
Mr. Speaker, protecting our Nation's critical electric infrastructure
is a shared responsibility. It requires robust partnerships between
industry and the government to leverage strength and ensure the
responsive and resilient system that the public needs and relies upon.
H.R. 359 focuses on these very partnerships. The bill would establish
a program to facilitate and encourage public-private partnerships to
promote and enhance physical and cybersecurity of electric utilities.
The bill would require the Secretary of Energy to deploy the
Department of
[[Page H4971]]
Energy's world-class technical know-how to assist utilities with
cybersecurity practices and procedures, especially those utilities that
have fewer resources due to their size or the region in which they are
located.
It would foster development of maturity models, self-assessments, and
auditing methods.
It would provide training and technical assistance to electric
utilities to address and mitigate cybersecurity supply chain management
risks.
And H.R. 359 would increase opportunities for sharing best practices
and data collection within the electric sector.
The amended version of the bill also makes clear the Department of
Energy will work as appropriate with other Federal agencies to
safeguard the electric system.
A vote for H.R. 359 is a vote for providing an important new tool to
protect our Nation yet once again from these very serious cybersecurity
threats.
Mr. Speaker, I urge support of the legislation, and I reserve the
balance of my time.
Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the
gentleman from California (Mr. McNerney).
Mr. McNERNEY. Mr. Speaker, I thank the chairman for yielding.
In today's cyber environment, it is more important than ever that
Congress pursue policies that continue to support our grid
infrastructure and secure it against potential physical and cyber
threats.
This is an issue I feel very passionate about, as the grid is the
backbone of our economy and touches every aspect of our lives.
Any vulnerable component is a threat to our physical and national
security, as well as our clean energy future, making it imperative that
we invest in grid modernization and security.
That is why I am proud to co-chair the bipartisan Grid Innovation
Caucus along with my good friend from across the aisle, Mr. Latta from
Ohio.
Together, we are focused on providing a forum for discussing
solutions to the many challenges facing the grid and to educate Members
of Congress and staff about the importance of the electric grid with
relation to the economy, energy security, and advanced technologies
being utilized to enhance grid capabilities.
Time is of the essence, as a recent report from the Congressional
Research Service found that our Nation's bulk-power system faces new
and evolving cybersecurity threats on a daily basis.
These cyberattacks can take multiple forms, such as a direct attack
aimed at the electric grid itself or an indirect attack aimed at other
critical infrastructure, which in turn could impact the operation of
the security of the grid.
Recent cyber threats to the electric grid, such as the Triton and
BlackEnergy attacks, have come in the form of deposits of malware on
grid industrial control system networks, which possess the capability
to damage or take over certain aspects of system control or
functionality.
In addition to this, future cyber threats to the grid are expected to
result from attacks directed via the Internet of Things devices
connected to networks. As the CRS report noted, an example of such an
IoT-based attack on residential or commercial thermostats could result
in false power demand readings, causing a utility to ramp up power
production unnecessarily.
Without proactive management of cyber threats facing the grid,
utilities across the Nation will continue to be highly vulnerable to
potentially significant attacks.
My bill, which I introduced along with Mr. Latta, assists us in this
effort to bolster America's electrical infrastructure by encouraging
coordination between the Department of Energy and electric utilities.
It accomplishes this by creating a program to enhance the physical
and cybersecurity of electric utilities through assessing security
vulnerabilities, increasing cybersecurity training, and data
collection.
My bill would also require the Interruption Cost Estimate
Calculator--which is used to calculate the return on investment on
utility investments--to be updated at least every 2 years to ensure
accurate calculations.
By encouraging partnerships among the DOE, State regulatory
authorities, industry stakeholders, and other Federal agencies to
promote and advance physical security and cybersecurity for electric
utilities, we can best position ourselves to keep the Nation's lights
on and to insulate our economy against future cyber threats.
Mr. Speaker, I thank the chairman of the full committee, Mr. Pallone,
for moving this bill forward, and I thank the ranking member of the
full committee for helping move this forward.
Mr. Speaker, I urge my fellow colleagues to support this bill.
Mr. WALDEN. Mr. Speaker, I thank the prior speaker for his comments
and great work on these pieces of legislation.
Together, we are doing what we can to protect America's energy sector
from attack, and I thank Mr. McNerney and others on the committee for
their work.
Mr. Speaker, I urge passage of the bill, and I yield back the balance
of my time.
Mr. PALLONE. Mr. Speaker, I also ask all Members to support this
legislation, and I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from New Jersey (Mr. Pallone) that the House suspend the
rules and pass the bill, H.R. 359, as amended.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill, as amended, was passed.
A motion to reconsider was laid on the table.
____________________