[Congressional Record Volume 166, Number 169 (Tuesday, September 29, 2020)]
[House]
[Pages H5025-H5030]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                              {time}  1645
               GRID SECURITY RESEARCH AND DEVELOPMENT ACT

  Mr. BERA. Mr. Speaker, I move to suspend the rules and pass the bill 
(H.R. 5760) to provide for a comprehensive interdisciplinary research, 
development, and demonstration initiative to strengthen the capacity of 
the energy sector to prepare for and withstand cyber and physical 
attacks, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 5760

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Grid Security Research and 
     Development Act''.

     SEC. 2. FINDINGS.

       Congress finds the following:
       (1) The Nation, and every critical infrastructure sector, 
     depends on reliable electricity.
       (2) Intelligent electronic devices, advanced analytics, and 
     information systems used across the energy sector are 
     essential to maintaining reliable operation of the electric 
     grid.
       (3) The cybersecurity threat landscape is constantly 
     changing and attacker capabilities are advancing rapidly, 
     requiring ongoing modifications, advancements, and 
     investments in technologies and procedures to maintain 
     security.
       (4) It is in the national interest for Federal agencies to 
     invest in cybersecurity research that informs and facilitates 
     private sector investment and use of advanced cybersecurity 
     tools and procedures to protect information systems.
       (5) The number of devices and systems connecting to the 
     electric grid is increasing, and integrating cybersecurity 
     protections into information systems when they are built is 
     more effective than modifying products after installation to 
     meet cybersecurity goals.
       (6) An understanding of human factors can be leveraged to 
     understand the behavior of cyber threat actors, develop 
     strategies to counter threat actors, improve cybersecurity 
     training programs, optimize the design of human-machine 
     interfaces and cybersecurity tools, and increase the capacity 
     of the energy sector workforce to prevent unauthorized access 
     to critical systems.

     SEC. 3. AMENDMENT TO ENERGY INDEPENDENCE AND SECURITY ACT OF 
                   2007.

       Title XIII of the Energy Independence and Security Act of 
     2007 (42 U.S.C. 17381 et seq.) is amended by adding at the 
     end the following:

     ``SEC. 1310. ENERGY SECTOR SECURITY RESEARCH, DEVELOPMENT, 
                   AND DEMONSTRATION PROGRAM.

       ``(a) In General.--The Secretary, in coordination with 
     appropriate Federal agencies, the Electricity Subsector 
     Coordinating Council, the Electric Reliability Organization, 
     State, tribal, local, and territorial governments, the 
     private sector, and other relevant stakeholders, shall carry 
     out a research, development, and demonstration program to 
     protect the electric grid and energy systems, including 
     assets connected to the distribution grid, from cyber and 
     physical attacks by increasing the cyber and physical 
     security capabilities of the energy sector and accelerating 
     the development of relevant technologies and tools.
       ``(b) Department of Energy.--As part of the initiative 
     described in subsection (a), the Secretary shall award 
     research, development, and demonstration grants to--
       ``(1) identify cybersecurity risks to information systems 
     within, and impacting, the electricity sector, energy 
     systems, and energy infrastructure;
       ``(2) develop methods and tools to rapidly detect cyber 
     intrusions and cyber incidents, including through the use of 
     data and big data analytics techniques, such as intrusion 
     detection, and security information and event management 
     systems, to validate and verify system behavior;
       ``(3) assess emerging cybersecurity capabilities that could 
     be applied to energy systems and develop technologies that 
     integrate cybersecurity features and procedures into the 
     design and development of existing and emerging grid 
     technologies, including renewable energy, storage, and 
     demand-side management technologies;
       ``(4) identify existing vulnerabilities in intelligent 
     electronic devices, advanced analytics systems, and 
     information systems;
       ``(5) work with relevant entities to develop technologies 
     or concepts that build or retrofit
     cybersecurity features and procedures into--
       ``(A) information and energy management system devices, 
     components, software, firmware, and hardware, including 
     distributed control and management systems, and building 
     management systems;
       ``(B) data storage systems, data management systems, and 
     data analysis processes;
       ``(C) automated- and manually-controlled devices and 
     equipment for monitoring and stabilizing the electric grid;
       ``(D) technologies used to synchronize time and develop 
     guidance for operational contingency plans when time 
     synchronization technologies, are compromised;
       ``(E) power system delivery and end user systems and 
     devices that connect to the grid, including--
       ``(i) meters, phasor measurement units, and other sensors;
       ``(ii) distribution automation technologies, smart 
     inverters, and other grid control technologies;
       ``(iii) distributed generation, energy storage, and other 
     distributed energy technologies;
       ``(iv) demand response technologies;
       ``(v) home and building energy management and control 
     systems;
       ``(vi) electric and plug-in hybrid vehicles and electric 
     vehicle charging systems; and
       ``(vii) other relevant devices, software, firmware, and 
     hardware; and
       ``(F) the supply chain of electric grid management system 
     components;
       ``(6) develop technologies that improve the physical 
     security of information systems, including remote assets;
       ``(7) integrate human factors research into the design and 
     development of advanced tools and processes for dynamic 
     monitoring, detection, protection, mitigation, response, and 
     cyber situational awareness;
       ``(8) evaluate and understand the potential consequences of 
     practices used to maintain the 
     cybersecurity of information systems and intelligent 
     electronic devices;
       ``(9) develop or expand the capabilities of existing 
     cybersecurity test beds to simulate impacts of cyber attacks 
     and combined cyber-physical attacks on information systems 
     and electronic devices, including by increasing access to 
     existing and emerging test beds for cooperative utilities, 
     utilities owned by a political subdivision of a State, such 
     as municipally-owned electric utilities, and other relevant 
     stakeholders; and
       ``(10) develop technologies that reduce the cost of 
     implementing effective cybersecurity technologies and tools, 
     including updates to these technologies and tools, in the 
     energy sector.
       ``(c) National Science Foundation.--The National Science 
     Foundation, in coordination with other Federal agencies as 
     appropriate, shall through its cybersecurity research and 
     development programs--
       ``(1) support basic research to advance knowledge, 
     applications, technologies, and tools to strengthen the 
     cybersecurity of information systems, including electric grid 
     and energy systems, including interdisciplinary research in--

[[Page H5026]]

       ``(A) evolutionary systems, theories, mathematics, and 
     models;
       ``(B) economic and financial theories, mathematics, and 
     models; and
       ``(C) big data analytical methods, mathematics, computer 
     coding, and algorithms; and
       ``(2) support cybersecurity education and training focused 
     on information systems for the electric grid and energy 
     workforce, including through the Advanced Technological 
     Education program, the Cybercorps program, graduate research 
     fellowships, and other appropriate programs.
       ``(d) Department of Homeland Security Science and 
     Technology Directorate.--The Science and Technology 
     Directorate of the Department of Homeland Security shall 
     coordinate with the Department of Energy, the private sector, 
     and other relevant stakeholders, to research existing 
     cybersecurity technologies and tools used in the defense 
     industry in order to--
       ``(1) identify technologies and tools that may meet 
     civilian energy sector cybersecurity needs;
       ``(2) develop a research strategy that incorporates human 
     factors research findings to guide the modification of 
     defense industry cybersecurity tools for use in the civilian 
     sector;
       ``(3) develop a strategy to accelerate efforts to bring 
     modified defense industry cybersecurity tools to the civilian 
     market; and
       ``(4) carry out other activities the Secretary of Homeland 
     Security considers appropriate to meet the goals of this 
     subsection.

     ``SEC. 1311. GRID RESILIENCE AND EMERGENCY RESPONSE.

       ``(a) In General.--Not later than 180 days after the 
     enactment of the Grid Security Research and Development Act, 
     the Secretary shall establish a research, development, and 
     demonstration program to enhance resilience and strengthen 
     emergency response and management pertaining to the energy 
     sector.
       ``(b) Grants.--The Secretary shall award grants to eligible 
     entities under subsection (c) on a competitive basis to 
     conduct research and development with the purpose of 
     improving the resilience and reliability of electric grid 
     by--
       ``(1) developing methods to improve community and 
     governmental preparation for and emergency response to large-
     area, long-duration electricity interruptions, including 
     through the use of energy efficiency, storage, and 
     distributed generation technologies;
       ``(2) developing tools to help utilities and communities 
     ensure the continuous delivery of electricity to critical 
     facilities;
       ``(3) developing tools to improve coordination between 
     utilities and relevant Federal agencies to enable 
     communication, information-sharing, and situational awareness 
     in the event of a physical or cyber-attack on the electric 
     grid;
       ``(4) developing technologies and capabilities to withstand 
     and address the current and projected impact of the changing 
     climate on energy sector infrastructure, including extreme 
     weather events and other natural disasters;
       ``(5) developing technologies capable of early detection of 
     malfunctioning electrical equipment on the transmission and 
     distribution grid, including detection of spark ignition 
     causing wildfires and risks of vegetation contact;
       ``(6) assessing upgrades and additions needed to energy 
     sector infrastructure due to projected changes in the energy 
     generation mix and energy demand; and
       ``(7) upgrading tools used to estimate the costs of outages 
     longer than 24 hours.
       ``(8) developing tools and technologies to assist with the 
     planning, safe execution of, and safe and timely restoration 
     of power after emergency power shut offs, such as those 
     conducted to reduce risks of wildfires started by grid 
     infrastructure.
       ``(c) Eligible Entities.--The entities eligible to receive 
     grants under this section include--
       ``(1) an institution of higher education;
       ``(2) a nonprofit organization;
       ``(3) a National Laboratory;
       ``(4) a unit of State, local, or tribal government;
       ``(5) an electric utility or electric cooperative;
       ``(6) a retail service provider of electricity;
       ``(7) a private commercial entity;
       ``(8) a partnership or consortium of 2 or more entities 
     described in subparagraphs (1) through (7); and
       ``(9) any other entities the Secretary deems appropriate.
       ``(d) Relevant Activities.--Grants awarded under subsection 
     (b) shall include funding for research and development 
     activities related to the purpose described in subsection 
     (b), such as--
       ``(1) development of technologies to use distributed energy 
     resources, such as solar photovoltaics, energy storage 
     systems, electric vehicles, and microgrids, to improve grid 
     and critical end-user resilience;
       ``(2) analysis of non-technical barriers to greater 
     integration and use of technologies on the distribution grid;
       ``(3) analysis of past large-area, long-duration 
     electricity interruptions to identify common elements and 
     best practices for electricity restoration, mitigation, and 
     prevention of future disruptions;
       ``(4) development of advanced monitoring, analytics, 
     operation, and controls of electric grid systems to improve 
     electric grid resilience;
       ``(5) analysis of technologies, methods, and concepts that 
     can improve community resilience and survivability of 
     frequent or long-duration power outages;
       ``(6) development of methodologies to maintain 
     cybersecurity during restoration of energy sector 
     infrastructure and operation;
       ``(7) development of advanced power flow control systems 
     and components to improve electric grid resilience; and
       ``(8) any other relevant activities determined by the 
     Secretary.
       ``(e) Technical Assistance.--
       ``(1) In general.--The Secretary shall provide technical 
     assistance to eligible entities for the commercial 
     application of technologies to improve the resilience of the 
     electric grid and commercial application of technologies to 
     help entities develop plans for preventing and recovering 
     from various power outage scenarios at the local, regional, 
     and State level.
       ``(2) Technical assistance program.--The commercial 
     application technical assistance program established in 
     paragraph (1) shall include assistance to eligible entities 
     for--
       ``(A) the commercial application of technologies developed 
     from the grant program established in subsection (b), 
     including cooperative utilities and utilities owned by a 
     political subdivision of a State, such as municipally-owned 
     electric utilities;
       ``(B) the development of methods to strengthen or otherwise 
     mitigate adverse impacts on electric grid infrastructure 
     against natural hazards;
       ``(C) the use of Department data and modeling tools for 
     various purposes;
       ``(D) a resource assessment and analysis of future demand 
     and distribution requirements, including development of 
     advanced grid architectures and risk analysis; and
       ``(E) the development of tools and technologies to 
     coordinate data across relevant entities to promote 
     resilience and wildfire prevention in the planning, design, 
     construction, operation, and maintenance of transmission 
     infrastructure;
       ``(F) analysis to predict the likelihood of extreme weather 
     events to inform the planning, design, construction, 
     operation, and maintenance of transmission infrastructure in 
     consultation with the National Oceanic and Atmospheric 
     Administration; and
       ``(G) the commercial application of relevant technologies, 
     such as distributed energy resources, microgrids, or other 
     energy technologies, to establish backup power for users or 
     facilities affected by emergency power shutoffs.
       ``(3) Eligible entities.--The entities eligible to receive 
     technical assistance for commercial application of 
     technologies under this section include--
       ``(A) representatives of all sectors of the electric power 
     industry, including electric utilities, trade organizations, 
     and transmission and distribution system organizations, 
     owners, and operators;
       ``(B) State and local governments and regulatory 
     authorities, including public utility commissions;
       ``(C) tribal and Alaska Native governmental entities;
       ``(D) partnerships among entities under subparagraphs (A) 
     through (C);
       ``(E) regional partnerships; and
       ``(F) any other entities the Secretary deems appropriate.
       ``(4) Authority.--Nothing in this section shall authorize 
     the Secretary to require any entity to adopt any model, tool, 
     technology, plan, analysis, or assessment.

     ``SEC. 1312. BEST PRACTICES AND GUIDANCE DOCUMENTS FOR ENERGY 
                   SECTOR CYBERSECURITY RESEARCH.

       ``(a) In General.--The Secretary, in coordination with 
     appropriate Federal agencies, the Electricity Subsector 
     Coordinating Council, standards development organizations, 
     State, tribal, local, and territorial governments, the 
     private sector, public utility commissions, and other 
     relevant stakeholders, shall coordinate the development of 
     guidance documents for research, development, and 
     demonstration activities to improve the cybersecurity 
     capabilities of the energy sector through participating 
     agencies. As part of these activities, the Secretary shall--
       ``(1) facilitate stakeholder involvement to update--
       ``(A) the Roadmap to Achieve Energy Delivery Systems 
     Cybersecurity;
       ``(B) the Cybersecurity Procurement Language for Energy 
     Delivery Systems, including developing guidance for--
       ``(i) contracting with third parties to conduct 
     vulnerability testing for information systems used across the 
     energy production, delivery, storage, and end use systems;
       ``(ii) contracting with third parties that utilize 
     transient devices to access information systems; and
       ``(iii) managing supply chain risks; and
       ``(C) the Electricity Subsector Cybersecurity Capability 
     Maturity Model, including the development of metrics to 
     measure changes in 
     cybersecurity readiness; and
       ``(2) develop voluntary guidance to improve digital 
     forensic analysis capabilities, including--
       ``(A) developing standardized terminology and monitoring 
     processes; and
       ``(B) utilizing human factors research to develop more 
     effective procedures for logging incident events; and
       ``(3) work with the National Science Foundation, Department 
     of Homeland Security, and stakeholders to develop a mechanism 
     to anonymize, aggregate, and share the testing results from 
     cybersecurity test beds to facilitate technology improvements 
     by public and private sector researchers.
       ``(b) Best Practices.--The Secretary, in collaboration with 
     the Director of the National Institute of Standards and 
     Technology and other appropriate Federal agencies, shall 
     convene relevant stakeholders and facilitate the development 
     of--
       ``(1) consensus-based best practices to improve 
     cybersecurity for--
       ``(A) emerging energy technologies;
       ``(B) distributed generation and storage technologies, and 
     other distributed energy resources;
       ``(C) electric vehicles and electric vehicle charging 
     stations; and
       ``(D) other technologies and devices that connect to the 
     electric grid;

[[Page H5027]]

       ``(2) recommended cybersecurity designs and technical 
     requirements that can be used by the private sector to design 
     and build interoperable cybersecurity features into 
     technologies that connect to the electric grid, including 
     networked devices and components on distribution systems; and
       ``(3) technical analysis that can be used by the private 
     sector in developing best practices for test beds and test 
     bed methodologies that will enable reproducible testing of 
     cybersecurity protections for information systems, electronic 
     devices, and other relevant components, software, and 
     hardware across test beds.
       ``(c) Regulatory Authority.--None of the activities 
     authorized in this section shall be construed to authorize 
     regulatory actions. Additionally, the voluntary standards 
     developed under this section shall not duplicate or conflict 
     with mandatory reliability standards.

     ``SEC. 1313. VULNERABILITY TESTING AND TECHNICAL ASSISTANCE 
                   TO IMPROVE CYBERSECURITY.

       ``(a) In General.--The Secretary shall--
       ``(1) coordinate with energy sector asset owners and 
     operators, leveraging the research facilities and expertise 
     of the National Laboratories, to assist entities in 
     developing testing capabilities by--
       ``(A) utilizing a range of methods to identify 
     vulnerabilities in physical and cyber systems;
       ``(B) developing cybersecurity risk assessment tools and 
     providing analyses and recommendations to participating 
     stakeholders; and
       ``(C) working with stakeholders to develop methods to share 
     anonymized and aggregated test results to assist relevant 
     stakeholders in the energy sector, researchers, and the 
     private sector to advance cybersecurity efforts, 
     technologies, and tools;
       ``(2) collaborate with relevant stakeholders, including 
     public utility commissions, to--
       ``(A) identify information, research, staff training, and 
     analytical tools needed to evaluate cybersecurity issues and 
     challenges in the energy sector; and
       ``(B) facilitate the sharing of information and the 
     development of tools identified under subparagraph (A);
       ``(3) collaborate with tribal governments to identify 
     information, research, and analysis tools needed by tribal 
     governments to increase the cybersecurity of energy assets 
     within their jurisdiction.

     ``SEC. 1314. EDUCATION AND WORKFORCE TRAINING RESEARCH AND 
                   STANDARDS.

       ``(a) In General.--The Secretary shall support the 
     development of a cybersecurity workforce through a program 
     that--
       ``(1) facilitates collaboration between undergraduate and 
     graduate students, researchers at the National Laboratories, 
     and the private sector;
       ``(2) prioritizes science and technology in areas relevant 
     to the mission of the Department of Energy through the design 
     and application of cybersecurity technologies;
       ``(3) develops, or facilitates private sector development 
     of, voluntary cybersecurity training and retraining 
     standards, lessons, and recommendations for the energy sector 
     that minimize duplication of cybersecurity compliance 
     training programs; and
       ``(4) maintains a public database of 
     cybersecurity education, training, and certification 
     programs.
       ``(b) Grid Resilience Technology Training.--The Secretary 
     shall support the development of the grid workforce through a 
     training program that prioritizes activities that enhance the 
     resilience of the electric grid and energy sector 
     infrastructure, including training on the use of tools, 
     technologies, and methods developed under the grant program 
     established in section 1311(b).
       ``(c) Collaboration.--In carrying out the program 
     authorized in subsection (a) and (b), the Secretary shall 
     leverage programs and activities carried out across the 
     Department of Energy, other relevant Federal agencies, 
     institutions of higher education, and other appropriate 
     entities best suited to provide national leadership on 
     cybersecurity and grid resilience-related issues.

     ``SEC. 1315. INTERAGENCY COORDINATION AND STRATEGIC PLAN FOR 
                   ENERGY SECTOR CYBERSECURITY RESEARCH.

       ``(a) Duties.--The Secretary, in coordination with the 
     Energy Sector Government Coordinating Council, shall--
       ``(1) review the most recent versions of the Roadmap to 
     Achieve Energy Delivery Systems
     Cybersecurity and the Multi-Year Program Plan for Energy 
     Sector Cybersecurity to identify crosscutting energy sector 
     cybersecurity research needs and opportunities for 
     collaboration among Federal agencies and other relevant 
     stakeholders;
       ``(2) identify interdisciplinary research, technology, and 
     tools that can be applied to cybersecurity challenges in the 
     energy sector;
       ``(3) identify technology transfer opportunities to 
     accelerate the development and commercial application of 
     novel cybersecurity technologies, systems, and processes in 
     the energy sector; and
       ``(4) develop a coordinated Interagency Strategic Plan for 
     research to advance cybersecurity capabilities used in the 
     energy sector that builds on the Roadmap to Achieve Energy 
     Delivery Systems in 
     Cybersecurity and the Multi-Year Program Plan for Energy 
     Sector Cybersecurity.
       ``(b) Interagency Strategic Plan.--
       ``(1) Submittal.--The Interagency Strategic Plan developed 
     under subsection (a)(4) shall be submitted to Congress and 
     made public within 12 months after the date of enactment of 
     the Grid Security Research and Development Act.
       ``(2) Contents.--The Interagency Strategic Plan shall 
     include--
       ``(A) an analysis of how existing 
     cybersecurity research efforts across the Federal Government 
     are advancing the goals of the Roadmap to Achieve Energy 
     Delivery Systems 
     Cybersecurity and the Multi-Year Program Plan for Energy 
     Sector Cybersecurity;
       ``(B) recommendations for research areas that may advance 
     the cybersecurity of the energy sector;
       ``(C) an overview of existing and proposed public and 
     private sector research efforts that address the topics 
     outlined in paragraph (3); and
       ``(D) an overview of needed support for workforce training 
     in cybersecurity for the energy sector.
       ``(3) Considerations.--In developing the Interagency 
     Strategic Plan, the Secretary, in coordination with the 
     Energy Sector Government Coordinating Council, shall 
     consider--
       ``(A) opportunities for human factors research to improve 
     the design and effectiveness of cybersecurity devices, 
     technologies, tools, processes, and training programs;
       ``(B) contributions of other disciplines to the development 
     of innovative cybersecurity procedures, devices, components, 
     technologies, and tools;
       ``(C) opportunities for technology transfer programs to 
     facilitate private sector development of cybersecurity 
     procedures, devices, components, technologies, and tools for 
     the energy sector;
       ``(D) broader applications of the work done by relevant 
     Federal agencies to advance the 
     cybersecurity of information systems and data analytics 
     systems for the energy sector; and
       ``(E) activities called for in the Federal 
     cybersecurity research and development strategic plan 
     required by section 201(a)(1) of the 
     Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7431(a)(1)).
       ``(c) Participation.--For the purposes of carrying out this 
     section, the Energy Sector Government Coordinating Council 
     shall include representatives from Federal agencies with 
     expertise in the energy sector, information systems, data 
     analytics, cyber and physical systems, engineering, human 
     factors research, human-machine interfaces, high performance 
     computing, big data and data analytics, or other disciplines 
     considered appropriate by the Council Chair.

     ``SEC. 1316. REPORT TO CONGRESS.

       ``(a) Balancing Risks, Increasing Security, and Improving 
     Modernization.--
       ``(1) Study.--The Secretary, in collaboration with the 
     National Institute of Standards and Technology, other Federal 
     agencies, and energy sector stakeholders, in order to provide 
     recommendations for additional research, development, 
     demonstration, and commercial application activities, shall--
       ``(A) analyze physical and cyber attacks on energy sector 
     infrastructure and information systems and identify cost-
     effective opportunities to improve physical and cyber 
     security; and
       ``(B) examine the risks associated with increasing 
     penetration of digital technologies in grid networks, 
     particularly on the distribution grid.
       ``(2) Content.--The study shall--
       ``(A) analyze processes, operational procedures, and other 
     factors common among cyber attacks;
       ``(B) identify areas where human behavior plays a critical 
     role in maintaining or compromising the security of a system;
       ``(C) recommend--
       ``(i) changes to the design of devices, human-machine 
     interfaces, technologies, tools, processes, or procedures to 
     optimize security that do not require a change in human 
     behavior; and
       ``(ii) training techniques to increase the capacity of 
     employees to actively identify, prevent, or neutralize the 
     impact of cyber attacks;
       ``(D) evaluate existing engineering and technical design 
     criteria and guidelines that incorporate human factors 
     research findings, and recommend criteria and guidelines for 
     cybersecurity tools that can be used to develop display 
     systems for cybersecurity monitoring, such as alarms, user-
     friendly displays, and layouts;
       ``(E) evaluate the cybersecurity risks and benefits of 
     various design and architecture options for energy sector 
     systems, networked grid systems and components, and 
     automation systems, including consideration of--
       ``(i) designs that include both digital and analog control 
     devices and technologies;
       ``(ii) different communication technologies used to 
     transfer information and data between control system devices, 
     technologies, and system operators;
       ``(iii) automated and human-in-the-loop devices and 
     technologies;
       ``(iv) programmable versus nonprogrammable devices and 
     technologies;
       ``(v) increased redundancy using dissimilar cybersecurity 
     technologies; and
       ``(vi) grid architectures that use autonomous functions to 
     limit control vulnerabilities; and
       ``(F) recommend methods or metrics to document changes in 
     risks associated with system designs and architectures.
       ``(3) Consultation.--In conducting the study, the Secretary 
     shall consult with energy sector stakeholders, academic 
     researchers, the private sector, and other relevant 
     stakeholders.
       ``(4) Report.--Not later than 24 months after the date of 
     enactment of the Grid Security Research and Development Act, 
     the Secretary shall submit the study to the Committee on 
     Science, Space, and Technology of the House of 
     Representatives and the Committee on Energy and Natural 
     Resources of the Senate.

     ``SEC. 1317. DEFINITIONS.

       ``In this title:
       ``(1) Big data.--The term `big data' means datasets that 
     require advanced analytical methods for their transformation 
     into useful information.
       ``(2) Cybersecurity.--The term `cybersecurity' means 
     protecting an information system or

[[Page H5028]]

     information that is stored on, processed by, or transiting an 
     information system from a cybersecurity threat or security 
     vulnerability.
       ``(3) Cybersecurity threat.--The term 
     `cybersecurity threat' has the meaning given the term in 
     section 102 of the Cybersecurity Information Sharing Act of 
     2015 (6 U.S.C. 1501).
       ``(4) Electricity subsector coordinating council.--The term 
     `Electricity Subsector Coordinating Council' means the self-
     organized, self-governed council consisting of senior 
     industry representatives to serve as the principal liaison 
     between the Federal Government and the electric power sector 
     and to carry out the role of the Sector Coordinating Council 
     as established in the National Infrastructure Protection Plan 
     for the electricity subsector.
       ``(5) Energy sector government coordinating council.--The 
     term `Energy Sector Government Coordinating Council' means 
     the council consisting of representatives from relevant 
     Federal Government agencies to provide effective coordination 
     of energy sector efforts to ensure a secure, reliable, and 
     resilient energy infrastructure and to carry out the role of 
     the Government Coordinating Council as established in the 
     National Infrastructure Protection Plan for the energy 
     sector.
       ``(6) Human factors research.--The term `human factors 
     research' means research on human performance in social and 
     physical environments, and on the integration and interaction 
     of humans with physical systems and computer hardware and 
     software.
       ``(7) Human-machine interfaces.--The term `human-machine 
     interfaces' means technologies that present information to an 
     operator or user about the state of a process or system, or 
     accept human instructions to implement an action, including 
     visualization displays such as a graphical user interface.
       ``(8) Information system.--The term `information system'--
       ``(A) has the meaning given the term in section 102 of the 
     Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 
     1501); and
       ``(B) includes operational technology, information 
     technology, and communications.
       ``(9) National laboratory.--The term `national laboratory' 
     has the meaning given the term in section 2 of the Energy 
     Policy Act of 2005 (42 U.S.C. 15801).
       ``(10) Security vulnerability.--The term `security 
     vulnerability' has the meaning given the term in section 102 
     of the Cybersecurity Information Sharing Act of 2015 (6 
     U.S.C. 1501).
       ``(11) Transient devices.--The term `transient devices' 
     means removable media, including floppy disks, compact disks, 
     USB flash drives, external hard drives, mobile devices, and 
     other devices that utilize wireless connections.

     ``SEC. 1318. AUTHORIZATION OF APPROPRIATIONS.

       ``There are authorized to be appropriated to the Secretary 
     to carry out this Act--
       ``(1) $150,000,000 for fiscal year 2021;
       ``(2) $157,500,000 for fiscal year 2022;
       ``(3) $165,375,000 for fiscal year 2023;
       ``(4) $173,645,000 for fiscal year 2024; and
       ``(5) $182,325,000 for fiscal year 2025.''.

     SEC. 4. CRITICAL INFRASTRUCTURE RESEARCH AND CONSTRUCTION.

       (a) In General.--The Secretary shall carry out a program of 
     research, development, and demonstration of technologies and 
     tools to help ensure the resilience and security of critical 
     integrated grid infrastructures.
       (b) Critical Infrastructure Defined.--The term ``critical 
     infrastructure'' means infrastructure that the Secretary 
     determines to be vital to socioeconomic activities such that, 
     if destroyed or damaged, such destruction or damage could 
     cause substantial disruption to such socioeconomic 
     activities.
       (c) Coordination.--In carrying out the program under 
     subsection (a), the Secretary shall leverage expertise and 
     resources of and facilitate collaboration and coordination 
     between--
       (1) relevant programs and activities across the Department;
       (2) the Department of Defense; and
       (3) the Department of Homeland Security.
       (d) Critical Infrastructure Test Facility.--In carrying out 
     the program under subsection (a), the Secretary shall 
     establish and operate a Critical Infrastructure Test Facility 
     (referred to in this section as the ``Test Facility'') that 
     allows for scalable physical and cyber performance testing to 
     be conducted on industry-scale critical infrastructure 
     systems. This facility shall include a focus on--
       (1) cybersecurity test beds; and
       (2) electric grid test beds.
       (e) Selection.--The Secretary shall select the Test 
     Facility under this section on a competitive, merit-reviewed 
     basis. The Secretary shall consider applications from 
     National Laboratories, institutions of higher education, 
     multi-institutional collaborations, and other appropriate 
     entities.
       (f) Duration.--The Test Facility established under this 
     section shall receive support for a period of not more than 5 
     years, subject to the availability of appropriations.
       (g) Renewal.--Upon the expiration of any period of support 
     of the Test Facility, the Secretary may renew support for the 
     Test Facility, on a merit-reviewed basis, for a period of not 
     more than 5 years.
       (h) Termination.--Consistent with the existing authorities 
     of the Department, the Secretary may terminate the Test 
     Facility for cause during the performance period.

     SEC. 5. CONFORMING AMENDMENT.

       Section 1(b) of the Energy Independence and Security Act of 
     2007 is amended in the table of contents by adding after the 
     matter relating to section 1309 the following:

``Sec. 1310. Energy sector security research, development, and 
              demonstration program.
``Sec. 1311. Grid resilience and emergency response.
``Sec. 1312. Best practices and guidance documents for energy sector 
              cybersecurity research.
``Sec. 1313. Vulnerability testing and technical assistance to improve 
              cybersecurity.
``Sec. 1314. Education and workforce training research and standards.
``Sec. 1315. Interagency coordination and strategic plan for energy 
              sector 
              cybersecurity research.
``Sec. 1316. Report to Congress.
``Sec. 1317. Definitions.
``Sec. 1318. Authorization of appropriations.''.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
California (Mr. Bera) and the gentleman from Oklahoma (Mr. Lucas) each 
will control 20 minutes.
  The Chair recognizes the gentleman from California.


                             General Leave

  Mr. BERA. Mr. Speaker, I ask unanimous consent that all Members may 
have 5 legislative days to revise and extend their remarks and to 
include extraneous material on H.R. 5760, the bill now under 
consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from California?
  There was no objection.
  Mr. BERA. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise today in support of my bill, H.R. 5760, the Grid 
Security Research and Development Act.
  I first want to thank the chairwoman of the Committee on Science, 
Space, and Technology, Ms. Johnson, and the ranking member, Mr. Lucas, 
for their help in passing the Grid Security R&D bill out of the 
Committee on Science, Space, and Technology and bringing it to the 
floor.
  I also thank my colleague, Congressman Randy Weber from Texas, for 
joining on as a bipartisan cosponsor.
  Mr. Speaker, the Grid Security R&D Act supports sustained investment 
across Federal agencies in research and technology to keep pace with 
the rapidly evolving threats to our electrical grid. The bill focuses 
on protecting our grid from two major threats: Cyber and physical.
  Access to reliable power is core to our economy, and the impact of 
physical threats to our electric grid have never been clearer than now.
  This summer, in my home State of California, the scenario of high 
winds, combined with lightning strikes and dry ground, have created 
some of the most dangerous wildfires in our State's history. In 
addition to burning millions of acres and causing loss of life, these 
wildfires put a significant part of our region on notice for potential 
emergency power shutoffs to reduce the risk of new outbreaks and 
further wildfire damage.
  However, these shutoffs are not as simple as turning off and on a 
light switch. It takes time to de-energize transmission systems in 
advance of a severe weather event and to reenergize the system after 
the threat has passed.
  While safety and preventing wildfires is a high priority, these 
shutoffs can leave hundreds of thousands of people without power for a 
few days. Dangerous wildfires, intense periods of drought, and other 
severe weather events have become increasingly more common in recent 
years because of climate change and will continue to threaten our grid.
  Furthermore, the inability to protect our grid from these severe 
weather events becomes more magnified during significant emergencies 
like the COVID-19 pandemic.
  Our hospitals and emergency rooms are working around the clock to 
save lives. They need access to reliable power and the assurance to 
know that the power will not go out during an important surgery or stop 
a ventilator from running.
  In addition, food banks and restaurants rely on refrigeration to 
continue supplying food to those in need and our small businesses 
cannot reopen if they can't keep the lights on.
  Ensuring access to electricity is critical in times like this. That 
is why I am proud to lead this bill, which would help strengthen the 
resiliency of our electric grid against physical threats. Our bill 
would also provide funding to develop technologies that would toughen 
our grid against wildfires and other natural disasters by improving 
early detection of deteriorating electrical transmission and 
distribution systems.

[[Page H5029]]

  This aging equipment can tend to spark and come in contact with 
vegetation during high-wind events and natural disasters causing 
wildfires.
  This bill will also spur the development and implementation of 
microgrid and battery storage technologies, provide backup power 
options so that in the event of an emergency power shutoff, a more 
targeted shutoff will impact less households.
  The threat of climate change in our electric grid is real. We have an 
opportunity to continue the modernization of our power system 
infrastructure, and this bill is a step in the right direction.
  Mr. Speaker, the other focus of our bill is improving cybersecurity 
across our electric grid. As the grid and other forms of critical 
infrastructure become more digitized, the risk that cyberattacks would 
shut down critical systems has increased, and in some cases these 
attacks can even cause physical damage to the grid. The types of 
cyberattacks also continue to become more sophisticated.
  Last year, cyber hackers remotely attacked electric grid networks for 
the first time, affecting several Western States, including California, 
Utah, and Wyoming. Given how critical reliable access to power is to 
our daily lives, these attacks highlight the need for investment to 
address this evolving threat.
  H.R. 5760 would authorize a comprehensive, coordinated research 
effort across Federal agencies to advance cybersecurity capabilities 
for the energy sector.
  Research areas would include: improving rapid detection of cyber 
intrusions, integrating cybersecurity features into the energy 
infrastructure, and focusing in on cyber solutions through our defense 
sector that can be modified and transferred to the civilian power 
sector.
  Lastly, our bill invests in strengthening our cybersecurity 
workforce. As our electric grid continues to modernize with renewable 
energy and energy storage technologies, a high-skilled workforce will 
be needed who understand the evolving threats.
  I look forward to working with the Senate to get this bill passed 
into law so we can continue to improve the resiliency of our electric 
grid.
  Mr. Speaker, I urge my colleagues to support this commonsense 
legislation, and I reserve the balance of my time.

                                         House of Representatives,


                               Committee on Homeland Security,

                                Washington, DC, September 2, 2020.
     Hon. Eddie Bernice Johnson,
     Chairwoman, Committee on Science, Space and Technology, House 
         of Representatives, Washington, DC.
       Dear Chairwoman Johnson: I write to you regarding H.R. 
     5760, the ``Grid Security Research and Development Act.''
       H.R. 5760 contains provisions that fall within the 
     jurisdiction of the Committee on Homeland Security. I 
     recognize and appreciate your desire to see this legislation 
     implemented and accordingly, I will not seek a sequential 
     referral of the bill. However, agreeing to waive 
     consideration of this bill should not be construed as the 
     Committee on Homeland Security waiving, altering, or 
     otherwise affecting its jurisdiction over subject matters 
     contained in the bill which fall within its Rule X 
     jurisdiction.
       I would also ask that a copy of this letter and your 
     response be included in the legislative report on H.R. 5760 
     and in the Congressional Record during any future floor 
     consideration of this bill.
       I look forward to working with you on this and other 
     important legislation in the future.
           Sincerely,
                                               Bennie G. Thompson,
     Chairman.
                                  ____

                                         House of Representatives,


                  Committee on Science, Space, and Technology,

                                Washington, DC, September 2, 2020.
     Chairman Bennie G. Thompson,
     Committee on Homeland Security,
     House of Representatives, Washington, DC.
       Dear Chairman Thompson: I am writing to you concerning H.R. 
     5760, the ``Grid Security Research and Development Act,'' 
     which was referred to the Committee on Science, Space, and 
     Technology, and in addition to the Committee on Homeland 
     Security on February 5, 2020.
       I appreciate your willingness to work cooperatively on this 
     bill. I recognize that the bill contains provisions that fall 
     within the jurisdiction of the Committee on Homeland 
     Security. I appreciate that your Committee will waive further 
     consideration of H.R. 5760 and that this action is not a 
     waiver of future jurisdictional claims by the Committee on 
     Homeland Security over this subject matter.
       I will make sure to include our exchange of letters in the 
     legislative report for H.R. 5760 and in the Congressional 
     Record. Thank you for your cooperation on this legislation.
           Sincerely,

                                        Eddie Bernice Johnson,

                                 Chairwoman, Committee on Science,
                                            Space, and Technology.

  Mr. LUCAS. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, last week when the House considered the massive Clean 
Economy Jobs and Innovation Act, I expressed my disappointment with the 
partisan policies in the bill, with the rushed and irresponsible 
process of writing it, and, most of all, with the sheer number of 
missed bipartisan legislative opportunities it represents.
  This week, I am glad to see that my friends across the aisle have 
taken heed of those words.
  The Committee on Science, Space, and Technology has one of the best 
track records in Congress for passing productive, bipartisan 
legislation, and I am pleased to see us upholding that tradition once 
again.
  H.R. 5760, the Grid Security Research and Development Act is a truly 
bipartisan Committee on Science, Space, and Technology product. It is 
sponsored by vice-chairman Ami Bera and Energy subcommittee Ranking 
Member Randy Weber. It has gone through regular order, and is the 
result of thoughtful consideration, careful analysis, and substantial 
debate. I support its passage today.
  Currently, the U.S. energy sector and its aging electrical grid faces 
many critical challenges, like higher demand, vulnerability to 
cyberattacks, and increased integration of new energy sources. It is 
our job in Congress to set the priorities to meet these challenges and 
to focus our limited Federal funds where we can see the best return on 
investment.
  To deliver effective solutions, we must take the long-term and big-
picture approach. We must support early-stage research that will spur 
innovation over a broad range of energy applications and provide for 
R&D to mobilize and defend our critical energy infrastructure.
  The bipartisan Grid Security Research and Development Act will 
strengthen our Nation's electric grid against rapidly changing 
technological challenges. It authorizes the Department of Energy's 
vital cybersecurity and emergency response R&D activities and directs 
DOE to work with relevant Federal agencies to develop cybersecurity 
best practices.
  Through the committee markup process, we were able to improve this 
legislation by adding key research infrastructure provisions from my 
legislation, H.R. 5685, the Securing American Leadership in Science and 
Technology Act.
  This provision requires the Secretary to carry out a program of 
research, development, and a demonstration of technologies and tools to 
help ensure the resilience and security of critical integrated grid 
infrastructures.
  It also requires the Secretary to establish and operate a critical 
infrastructure test facility that allows for both physical and cyber 
performance testing to be conducted on large-scale infrastructure 
systems. This test facility will amplify and accelerate the high-
priority research and development activities authorized in the original 
text and maximize the return on investment of taxpayers' dollars.
  Mr. Speaker, I would like to take this opportunity to thank my good 
friends across the aisle for working with us to come to agreement on 
this provision and on this bill. I am glad to see we can come together 
to focus on our shared interest in improving U.S. national security and 
energy resilience for the next generation.
  Mr. Speaker, I urge my colleagues to support this bill, and I reserve 
the balance of my time.
  Mr. BERA. Mr. Speaker, I reserve the balance of my time.
  Mr. LUCAS. Mr. Speaker, I yield 5 minutes to the gentleman from Texas 
(Mr. Weber), the ranking member of the Energy Subcommittee.
  Mr. WEBER of Texas. Mr. Speaker, I thank the gentleman for yielding. 
I also thank Representative Bera for introducing this bill with me. I 
am proud to rise in support of H.R. 5760.
  Mr. Speaker, cyber and physical threats to our electric grid are 
constantly evolving in technique and increasing in number. This 
challenge is magnified by its complexity. No two attacks are exactly 
the same.

[[Page H5030]]

  Last year in the United States, the energy sector ranked ninth in 
industries most targeted by cyberattacks. In fact, IBM estimated that 
cyberattacks against vital energy sector technologies, like industrial 
control and operational systems, increased by more than 2,000 percent--
2,000 percent.
  Mr. Speaker, it is clear that we must be prepared to address this 
threat as we continue to build on the success of our clean energy 
future and long-term international competitiveness. Every single aspect 
of our daily lives in each economic sector in our Nation is dependent 
on the uninterrupted flow of power. I like to say that the things that 
make America great are the things that America makes.
  How do we do that? With an uninterrupted, affordable flow of power.
  Therefore, we must focus heavily on early-stage research into new 
technologies that will improve the resilience, the reliability, and the 
emergency response capabilities of our electric grid.
  H.R. 5760 does that by authorizing a multi-agency research and 
development program to bolster the cyber and physical security 
capabilities of the energy sector.
  It authorizes key Federal agencies, like the Department of Energy and 
the National Science Foundation, to support early-stage research, 
development, and demonstration activities that will advance critical 
cybersecurity technologies and enhance the security of energy sector 
information systems.
  Mr. Speaker, I am also pleased to say, as the ranking member did, 
that this bill is truly bipartisan. We worked closely together to 
develop good legislation, and we included a key Committee on Science, 
Space, and Technology Republican priority; that is, a critical 
infrastructure research program and test facility.
  This provision, originally offered by my good friend, Ranking Member 
Lucas' bill, H.R. 5685, the Securing American Leadership in Science and 
Technology Act, was accepted as an amendment at committee markup.
  In coordination with the Department of Defense and the Department of 
Homeland Security, the DOE-led research program and test facility will 
allow for U.S. researchers to conduct a variety of high-priority tests 
on critical infrastructure systems at the industry scale. This facility 
is a perfect example of the research asset that the Federal government 
is best suited to provide.

  As recent events have shown us, it is not a question of if the U.S. 
power grid will face a significant physical or cyber threat, it is only 
a matter of when. In order to improve the cyber and physical security 
of our Nation's energy sector, we, in Congress, must continue to 
prioritize R&D to modernize and strengthen the national electricity 
system.
  We can't agree on everything--I get that--especially when wish lists 
and partisan messaging exercises rule the day. However, when we 
identify our shared goals and work together in good faith, we can put 
together real legislation and find a path forward for the benefit of 
the American people.
  Mr. Speaker, again, I thank Dr. Bera for introducing this 
legislation, and Members and staff of both sides of the aisle for 
working in a collaborative manner to reach a consensus on this 
standalone bill.
  Mr. Speaker, I encourage my colleagues to support this legislation. 
There is real power in doing so.
  Mr. BERA. Mr. Speaker, I, too, also want to recognize the bipartisan 
nature of this bill. It shows what we can do when we get together. I 
recognize the hard work of the staff from the Committee on Science, 
Space, and Technology.
  Mr. Speaker, I have no additional speakers, and I reserve the balance 
of my time.
  Mr. LUCAS. Mr. Speaker, I am prepared to close, and I yield myself 
such time as I may consume.
  Mr. Speaker, we must invest in the long-term, early-stage research 
that will strengthen our energy infrastructure against a range of 
emerging threats.
  The Department of Energy is uniquely qualified to lead this endeavor, 
and the partnerships that exist between its national laboratory 
systems, universities, and industry has the potential to modernize and 
transform U.S. energy delivery systems.
  H.R. 5760 authorizes the advanced grid security R&D activities that 
will make the future U.S. electrical grid reliable, resilient, and 
secure for all Americans.
  I, again, thank my friends across the aisle for working with us on 
this bill. We need to come together and have serious conversations 
about how to make real progress on next-generation energy issues. I am 
glad to see us doing that today.
  I urge my colleagues to support this legislation, and I yield back 
the balance of my time.

                              {time}  1700

  Mr. BERA. Mr. Speaker, I, once again, urge support of this 
commonsense, important legislation, and I yield back the balance of my 
time.
  Ms. JOHNSON of Texas. Mr. Speaker, I rise today in support of H.R. 
5760, the Grid Security Research and Development Act. I want to thank 
Mr. Bera for his leadership in introducing this bipartisan bill and for 
his commitment to developing legislation that will help strengthen 
America's electricity grid. I also want to thank my colleagues on the 
other side of the aisle who have recognized the importance of these 
investments and have joined me in supporting this important 
legislation.
  The Grid Security Research and Development Act is updated version of 
a bill that Mr. Bera and I introduced, along with many of my Science 
Committee colleagues, in the previous two Congresses. This bill 
provides legislative guidance to the activities carried out by the 
recently established Department of Energy Office of Cybersecurity, 
Energy Security, and Emergency Response by authorizing a cross-agency 
research and development program to advance electric grid cybersecurity 
and physical security. In particular, the bill authorizes activities on 
grid resilience and emergency response efforts, cybersecurity test 
beds, and education and workforce training for the energy sector.
  The passage of this bill is particularly important now, as states all 
over the U.S. are experiencing unprecedented extreme weather events, 
ranging from historic hurricanes in Texas to the ongoing wildfires in 
California and Oregon. In California specifically, utilities are 
shutting off power to millions of customers when there are high winds 
in certain areas to prevent the onset of wildfires sparked by trees and 
other vegetation near critical grid infrastructure. This bill contains 
provisions to help address these important issues by directing the 
Department of Energy to conduct research on technologies to assist with 
the safe planning and execution of emergency power shutoffs, offer 
technical assistance on related topics, and establish a training 
program to improve grid resilience, among other provisions.
  That's why I am proud to rise today in support of H.R. 5760. It would 
make important investments to improve the security and ensure the 
safety and resilience of our electric grid infrastructure. I also urge 
my colleagues to make a wise investment for our nation by joining me in 
supporting this bipartisan bill.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from California (Mr. Bera) that the House suspend the rules 
and pass the bill, H.R. 5760, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  A motion to reconsider was laid on the table.

                          ____________________