[Congressional Record Volume 166, Number 169 (Tuesday, September 29, 2020)]
[House]
[Pages H4969-H4971]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




    ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT

  Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 359) to provide for certain programs and developments in the 
Department of Energy concerning the cybersecurity and vulnerabilities 
of, and physical threats to, the electric grid, and for other purposes, 
as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                                H.R. 359

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

[[Page H4970]]

  


     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Enhancing Grid Security 
     through Public-Private Partnerships Act''.

     SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND 
                   CYBERSECURITY OF ELECTRIC UTILITIES.

       (a) Establishment.--The Secretary of Energy, in 
     coordination with relevant Federal agencies and in 
     consultation with State regulatory authorities, industry 
     stakeholders, and the Electric Reliability Organization, as 
     the Secretary determines appropriate, shall carry out a 
     program to--
       (1) develop, and provide for voluntary implementation of, 
     maturity models, self-assessments, and auditing methods for 
     assessing the physical security and cybersecurity of electric 
     utilities;
       (2) provide training to electric utilities to address and 
     mitigate cybersecurity supply chain management risks;
       (3) increase opportunities for sharing best practices and 
     data collection within the electric sector;
       (4) assist with cybersecurity training for electric 
     utilities;
       (5) advance the cybersecurity of third-party vendors that 
     work in partnerships with electric utilities; and
       (6) provide technical assistance for electric utilities 
     subject to the program.
       (b) Scope.--In carrying out the program under subsection 
     (a), the Secretary of Energy shall--
       (1) take into consideration different sizes of electric 
     utilities and the regions that such electric utilities serve;
       (2) prioritize electric utilities with fewer available 
     resources due to size or region; and
       (3) to the extent practicable, utilize and leverage 
     existing Department of Energy programs.
       (c) Protection of Information.--Information provided to, or 
     collected by, the Federal Government pursuant to this 
     section--
       (1) shall be exempt from disclosure under section 552(b)(3) 
     of title 5, United States Code; and
       (2) shall not be made available by any Federal, State, 
     political subdivision or tribal authority pursuant to any 
     Federal, State, political subdivision, or tribal law 
     requiring public disclosure of information or records.

     SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS.

       (a) In General.--The Secretary of Energy, in coordination 
     with relevant Federal agencies and in consultation with State 
     regulatory authorities, industry stakeholders, and the 
     Electric Reliability Organization, as the Secretary 
     determines appropriate, shall submit to Congress a report 
     that assesses--
       (1) priorities, policies, procedures, and actions for 
     enhancing the physical security and cybersecurity of 
     electricity distribution systems to address threats to, and 
     vulnerabilities of, such electricity distribution systems; 
     and
       (2) implementation of such priorities, policies, 
     procedures, and actions, including an estimate of potential 
     costs and benefits of such implementation, including any 
     public-private cost-sharing opportunities.
       (b) Protection of Information.--Information provided to, or 
     collected by, the Federal Government pursuant to this 
     section--
       (1) shall be exempt from disclosure under section 552(b)(3) 
     of title 5, United States Code; and
       (2) shall not be made available by any Federal, State, 
     political subdivision or tribal authority pursuant to any 
     Federal, State, political subdivision, or tribal law 
     requiring public disclosure of information or records.

     SEC. 4. ELECTRICITY INTERRUPTION INFORMATION.

       (a) Interruption Cost Estimate Calculator.--The Secretary 
     of Energy, in coordination with relevant Federal agencies and 
     in consultation with State regulatory authorities, industry 
     stakeholders, and the Electric Reliability Organization, as 
     the Secretary determines appropriate, shall update the 
     Interruption Cost Estimate Calculator, as often as 
     appropriate and feasible, but not less than once every 2 
     years.
       (b) Indices.--The Secretary of Energy, in coordination with 
     relevant Federal agencies and in consultation with State 
     regulatory authorities, industry stakeholders, and the 
     Electric Reliability Organization, as the Secretary 
     determines appropriate, shall, as often as appropriate and 
     feasible, update the following:
       (1) The System Average Interruption Duration Index.
       (2) The System Average Interruption Frequency Index.
       (3) The Customer Average Interruption Duration Index.
       (c) Survey.--The Administrator of the Energy Information 
     Administration shall collect information on electricity 
     interruption costs, if available, from a representative 
     sample of owners of electric grid assets through a biennial 
     survey.

     SEC. 5. DEFINITIONS.

       In the Act, the following definitions apply:
       (1) Electric reliability organization.--The term ``Electric 
     Reliability Organization'' has the meaning given such term in 
     section 215(a)(2) of the Federal Power Act (16 U.S.C. 
     824o(a)(2)).
       (2) Electric utility.--The term ``electric utility'' has 
     the meaning given such term in section 3 of the Federal Power 
     Act (16 U.S.C. 796).
       (3) State regulatory authority.--The term ``State 
     regulatory authority'' has the meaning given such term in 
     section 3 of the Federal Power Act (16 U.S.C. 796).

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
Jersey (Mr. Pallone) and the gentleman from Oregon (Mr. Walden) each 
will control 20 minutes.
  The Chair recognizes the gentleman from New Jersey.


                             General Leave

  Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days in which to revise and extend their remarks 
and include extraneous material on H.R. 359.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New Jersey?
  There was no objection.
  Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I want to begin by acknowledging the leadership of two 
of my Energy and Commerce Committee colleagues, Representative McNerney 
of California and Representative Latta of Ohio, for introducing H.R. 
359, the Enhancing Grid Security Through Public-Private Partnerships 
Act.
  This bill will go a long way in addressing both the physical and 
cybersecurity of the Nation's utilities.
  H.R. 359 directs the Secretary of Energy, in consultation with the 
Electric Reliability Organization, States, other Federal agencies, and 
industry stakeholders, to create and implement a program to enhance the 
physical and cybersecurity of electric utilities.
  Now, some of the critical provisions within this bill include the 
voluntary implementation of self-assessments, maturity modeling, and 
auditing.
  This bill also includes cybersecurity training in order to help 
mitigate supply chain risk.
  Utilities would also be encouraged to share best practices and data 
collection within the electric sector, while also improving the 
cybersecurity of third-party utility vendors.
  H.R. 359 also directs the Secretary of Energy to deliver a report to 
Congress on general cybersecurity concerns and distribution systems.
  Any information that is provided to the Department of Energy under 
this program would be protected to ensure the confidentiality of this 
sensitive information. And like the other two cybersecurity bills we 
already have passed today; this legislation requires the Secretary of 
Energy to coordinate with the Department of Homeland Security and other 
relevant Federal agencies to ensure good communication and smooth 
implementation across the government.
  Finally, Mr. Speaker, the bill instructs the Secretary of Energy to 
update the Interruption Cost Estimate, or ICE, Calculator at least once 
every 2 years.
  The ICE Calculator, which was developed through a partnership between 
the Department of Energy's Lawrence Berkeley Lab and Nexant, Inc., is 
an electric reliability planning tool that can be used for estimating 
electricity interruption costs and the benefits associated with 
reliability improvements.
  So, Mr. Speaker, H.R. 359 is an important piece of legislation that 
will help address the security of America's electric utilities, and I 
urge all my colleagues to support this bill.
  Mr. Speaker, I reserve the balance of my time.
  Mr. WALDEN. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, H.R. 359, the Enhancing Grid Security Through Public-
Private Partnerships Act, was authored by my Energy and Commerce 
Committee colleagues Mr. McNerney and Mr. Latta.
  The bill was reported unanimously from the Energy and Commerce 
Committee as an important measure for strengthening the cybersecurity 
and resilience in the energy systems used to deliver power to our homes 
and businesses.
  Mr. Speaker, protecting our Nation's critical electric infrastructure 
is a shared responsibility. It requires robust partnerships between 
industry and the government to leverage strength and ensure the 
responsive and resilient system that the public needs and relies upon.
  H.R. 359 focuses on these very partnerships. The bill would establish 
a program to facilitate and encourage public-private partnerships to 
promote and enhance physical and cybersecurity of electric utilities.
  The bill would require the Secretary of Energy to deploy the 
Department of

[[Page H4971]]

Energy's world-class technical know-how to assist utilities with 
cybersecurity practices and procedures, especially those utilities that 
have fewer resources due to their size or the region in which they are 
located.
  It would foster development of maturity models, self-assessments, and 
auditing methods.
  It would provide training and technical assistance to electric 
utilities to address and mitigate cybersecurity supply chain management 
risks.
  And H.R. 359 would increase opportunities for sharing best practices 
and data collection within the electric sector.
  The amended version of the bill also makes clear the Department of 
Energy will work as appropriate with other Federal agencies to 
safeguard the electric system.
  A vote for H.R. 359 is a vote for providing an important new tool to 
protect our Nation yet once again from these very serious cybersecurity 
threats.
  Mr. Speaker, I urge support of the legislation, and I reserve the 
balance of my time.
  Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the 
gentleman from California (Mr. McNerney).
  Mr. McNERNEY. Mr. Speaker, I thank the chairman for yielding.
  In today's cyber environment, it is more important than ever that 
Congress pursue policies that continue to support our grid 
infrastructure and secure it against potential physical and cyber 
threats.
  This is an issue I feel very passionate about, as the grid is the 
backbone of our economy and touches every aspect of our lives.
  Any vulnerable component is a threat to our physical and national 
security, as well as our clean energy future, making it imperative that 
we invest in grid modernization and security.

  That is why I am proud to co-chair the bipartisan Grid Innovation 
Caucus along with my good friend from across the aisle, Mr. Latta from 
Ohio.
  Together, we are focused on providing a forum for discussing 
solutions to the many challenges facing the grid and to educate Members 
of Congress and staff about the importance of the electric grid with 
relation to the economy, energy security, and advanced technologies 
being utilized to enhance grid capabilities.
  Time is of the essence, as a recent report from the Congressional 
Research Service found that our Nation's bulk-power system faces new 
and evolving cybersecurity threats on a daily basis.
  These cyberattacks can take multiple forms, such as a direct attack 
aimed at the electric grid itself or an indirect attack aimed at other 
critical infrastructure, which in turn could impact the operation of 
the security of the grid.
  Recent cyber threats to the electric grid, such as the Triton and 
BlackEnergy attacks, have come in the form of deposits of malware on 
grid industrial control system networks, which possess the capability 
to damage or take over certain aspects of system control or 
functionality.
  In addition to this, future cyber threats to the grid are expected to 
result from attacks directed via the Internet of Things devices 
connected to networks. As the CRS report noted, an example of such an 
IoT-based attack on residential or commercial thermostats could result 
in false power demand readings, causing a utility to ramp up power 
production unnecessarily.
  Without proactive management of cyber threats facing the grid, 
utilities across the Nation will continue to be highly vulnerable to 
potentially significant attacks.
  My bill, which I introduced along with Mr. Latta, assists us in this 
effort to bolster America's electrical infrastructure by encouraging 
coordination between the Department of Energy and electric utilities.
  It accomplishes this by creating a program to enhance the physical 
and cybersecurity of electric utilities through assessing security 
vulnerabilities, increasing cybersecurity training, and data 
collection.
  My bill would also require the Interruption Cost Estimate 
Calculator--which is used to calculate the return on investment on 
utility investments--to be updated at least every 2 years to ensure 
accurate calculations.
  By encouraging partnerships among the DOE, State regulatory 
authorities, industry stakeholders, and other Federal agencies to 
promote and advance physical security and cybersecurity for electric 
utilities, we can best position ourselves to keep the Nation's lights 
on and to insulate our economy against future cyber threats.
  Mr. Speaker, I thank the chairman of the full committee, Mr. Pallone, 
for moving this bill forward, and I thank the ranking member of the 
full committee for helping move this forward.
  Mr. Speaker, I urge my fellow colleagues to support this bill.
  Mr. WALDEN. Mr. Speaker, I thank the prior speaker for his comments 
and great work on these pieces of legislation.
  Together, we are doing what we can to protect America's energy sector 
from attack, and I thank Mr. McNerney and others on the committee for 
their work.
  Mr. Speaker, I urge passage of the bill, and I yield back the balance 
of my time.
  Mr. PALLONE. Mr. Speaker, I also ask all Members to support this 
legislation, and I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New Jersey (Mr. Pallone) that the House suspend the 
rules and pass the bill, H.R. 359, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  A motion to reconsider was laid on the table.

                          ____________________