[Congressional Record Volume 167, Number 126 (Monday, July 19, 2021)]
[House]
[Pages H3639-H3641]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




    ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT

  Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 2931) to provide for certain programs and developments in 
the Department of Energy concerning the cybersecurity and 
vulnerabilities of, and physical threats to, the electric grid, and for 
other purposes.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 2931

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Enhancing Grid Security 
     through Public-Private Partnerships Act''.

     SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND 
                   CYBERSECURITY OF ELECTRIC UTILITIES.

       (a) Establishment.--The Secretary of Energy, in 
     coordination with relevant Federal agencies and in 
     consultation with State regulatory authorities, industry 
     stakeholders, and the Electric Reliability Organization, as 
     the Secretary determines appropriate, shall carry out a 
     program to--
       (1) develop, and provide for voluntary implementation of, 
     maturity models, self-assessments, and auditing methods for 
     assessing the physical security and cybersecurity of electric 
     utilities;
       (2) provide training to electric utilities to address and 
     mitigate cybersecurity supply chain management risks;
       (3) increase opportunities for sharing best practices and 
     data collection within the electric sector;
       (4) assist with cybersecurity training for electric 
     utilities;
       (5) advance the cybersecurity of third-party vendors that 
     work in partnerships with electric utilities; and
       (6) provide technical assistance for electric utilities 
     subject to the program.
       (b) Scope.--In carrying out the program under subsection 
     (a), the Secretary of Energy shall--
       (1) take into consideration different sizes of electric 
     utilities and the regions that such electric utilities serve;
       (2) prioritize electric utilities with fewer available 
     resources due to size or region; and
       (3) to the extent practicable, utilize and leverage 
     existing Department of Energy programs.
       (c) Protection of Information.--Information provided to, or 
     collected by, the Federal Government pursuant to this 
     section--
       (1) shall be exempt from disclosure under section 552(b)(3) 
     of title 5, United States Code; and
       (2) shall not be made available by any Federal, State, 
     political subdivision or tribal authority pursuant to any 
     Federal, State, political subdivision, or tribal law 
     requiring public disclosure of information or records.

     SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS.

       (a) In General.--The Secretary of Energy, in coordination 
     with relevant Federal agencies and in consultation with State 
     regulatory authorities, industry stakeholders, and the 
     Electric Reliability Organization, as the Secretary 
     determines appropriate, shall submit to Congress a report 
     that assesses--
       (1) priorities, policies, procedures, and actions for 
     enhancing the physical security and cybersecurity of 
     electricity distribution systems to address threats to, and 
     vulnerabilities of, such electricity distribution systems; 
     and
       (2) implementation of such priorities, policies, 
     procedures, and actions, including an estimate of potential 
     costs and benefits of such implementation, including any 
     public-private cost-sharing opportunities.
       (b) Protection of Information.--Information provided to, or 
     collected by, the Federal Government pursuant to this 
     section--

[[Page H3640]]

       (1) shall be exempt from disclosure under section 552(b)(3) 
     of title 5, United States Code; and
       (2) shall not be made available by any Federal, State, 
     political subdivision or tribal authority pursuant to any 
     Federal, State, political subdivision, or tribal law 
     requiring public disclosure of information or records.

     SEC. 4. ELECTRICITY INTERRUPTION INFORMATION.

       (a) Interruption Cost Estimate Calculator.--The Secretary 
     of Energy, in coordination with relevant Federal agencies and 
     in consultation with State regulatory authorities, industry 
     stakeholders, and the Electric Reliability Organization, as 
     the Secretary determines appropriate, shall update the 
     Interruption Cost Estimate Calculator, as often as 
     appropriate and feasible, but not less than once every 2 
     years.
       (b) Indices.--The Secretary of Energy, in coordination with 
     relevant Federal agencies and in consultation with State 
     regulatory authorities, industry stakeholders, and the 
     Electric Reliability Organization, as the Secretary 
     determines appropriate, shall, as often as appropriate and 
     feasible, update the following:
       (1) The System Average Interruption Duration Index.
       (2) The System Average Interruption Frequency Index.
       (3) The Customer Average Interruption Duration Index.
       (c) Survey.--The Administrator of the Energy Information 
     Administration shall collect information on electricity 
     interruption costs, if available, from a representative 
     sample of owners of electric grid assets through a biennial 
     survey.

     SEC. 5. DEFINITIONS.

       In the Act, the following definitions apply:
       (1) Electric reliability organization.--The term ``Electric 
     Reliability Organization'' has the meaning given such term in 
     section 215(a)(2) of the Federal Power Act (16 U.S.C. 
     824o(a)(2)).
       (2) Electric utility.--The term ``electric utility'' has 
     the meaning given such term in section 3 of the Federal Power 
     Act (16 U.S.C. 796).
       (3) State regulatory authority.--The term ``State 
     regulatory authority'' has the meaning given such term in 
     section 3 of the Federal Power Act (16 U.S.C. 796).

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
Jersey (Mr. Pallone) and the gentleman from Ohio (Mr. Latta) each will 
control 20 minutes.
  The Chair recognizes the gentleman from New Jersey.


                             General Leave

  Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days in which to revise and extend their remarks 
and include extraneous material on H.R. 2931.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New Jersey?
  There was no objection.
  Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I begin by thanking my colleagues on the Committee on 
Energy and Commerce, Representative McNerney of California and 
Representative Latta of Ohio, for their continued work and cooperation 
on energy security issues and for introducing H.R. 2931, the Enhancing 
Grid Security Through Public-Private Partnerships Act.
  This legislation could not be more necessary. Our Nation is facing an 
increasing number of physical and cyber threats to its electric grid 
and infrastructure. This bill addresses those threats by directing the 
Secretary of Energy, in consultation with the Electric Reliability 
Organization, States, other Federal agencies, and industry 
stakeholders, to create and implement a program to enhance the physical 
and cybersecurity of electric utilities.
  It calls for cybersecurity training to mitigate supply chain risks 
and improving the cybersecurity of third-party utility vendors. It also 
encourages utilities to share best practices and data within the 
electric sector.
  The bill requires the Secretary of Energy to deliver a report to 
Congress on general cybersecurity concerns and to coordinate with the 
Department of Homeland Security and other relevant agencies to ensure 
good communications and smooth implementation of this program across 
the government.
  Finally, the bill instructs the Secretary of Energy to update the 
Interruption Cost Estimate Calculator, which is an electric reliability 
planning tool for estimating electricity interruption costs and the 
benefits associated with reliability benefits.
  Mr. Speaker, H.R. 2931 is an important bipartisan bill that will help 
address the security of our Nation's electric utilities, and I urge my 
colleagues to support it.
  Mr. Speaker, I reserve the balance of my time.
  Mr. LATTA. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise today in support of H.R. 2931, the first of two 
grid security bills I have worked closely on with my good friend and 
colleague, the gentleman from California (Mr. McNerney) over the last 
several Congresses.
  The goal of these two bills is to improve the resiliency of our 
Nation's energy grid against cyberattacks. Since the House last 
considered these bills on the floor, our country has experienced a new 
wave of cyberattacks on our critical infrastructure.
  On December 13, 2020, the cybersecurity firm, FireEye, published 
research that a malicious actor was exploiting a supply chain 
vulnerability in SolarWinds products to hack into government and 
private sector information technology networks.
  On May 8 of this year, the Colonial Pipeline Company announced that 
it was forced to halt its pipeline operation due to a ransomware 
attack, which disrupted critical supplies of gasoline and other refined 
products throughout the Southeast and the East Coast.
  Cyberattacks on our critical infrastructure will only continue to 
grow in both size and severity and Congress must take a stand. H.R. 
2931, the Enhancing Grid Security Through Public-Private Partnerships 
Act, will facilitate and encourage public-private partnerships in order 
to improve the cybersecurity of electric utilities.
  Specifically, it would develop and provide for voluntary 
implementation of maturity models, self-assessments, and auditing 
methods for assessing the physical security and cybersecurity of 
electric utilities.
  H.R. 2931 would provide training and technical assistance to electric 
utilities to address and mitigate cybersecurity supply chain management 
risks and increase opportunities for sharing best practices and data 
collection within the electric sector.
  Finally, this legislation will require the Secretary of Energy to 
submit a report to Congress that assesses priorities, policies, 
procedures, actions, and implementations of electricity distribution 
systems to address threats to and vulnerabilities of such electricity 
distribution systems. We cannot allow criminal cyber behavior to go 
unchallenged. Both H.R. 2931 and H.R. 2928 will help in the fight 
against cyber attacks.
  Mr. Speaker, I thank Chairman Pallone, Chairman Rush, leaders Rodgers 
and Upton for their efforts to advance these bills, and I encourage all 
my colleagues to vote ``yes'' on final passage.
  Mr. Speaker, I reserve the balance of my time.
  Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the 
gentleman from California (Mr. McNerney), the Democratic sponsor.
  Mr. McNERNEY. Mr. Speaker, I thank the chairman for yielding.
  Mr. Speaker, I rise today in support of my legislation, H.R. 2931, 
the Enhancing Grid Security Through Public-Private Partnership Act. The 
prior bill, this bill, and the next bill are good examples of working 
together on a bipartisan basis to accomplish things that are very 
critical to this country, and I thank my colleagues for being a very 
important part of this partnership.
  Mr. Speaker, I am pleased that we are considering this bill today, 
because we simply can't afford to wait any longer to secure our 
Nation's critical infrastructure, including the grid. The Colonial 
Pipeline attack coming on the heels of the SolarWinds attack was a 
bright warning sign that we need to act quickly to pass this 
legislation.

  Since the Colonial Pipeline attack, ransomware attacks have continued 
to skyrocket, and the need to enact H.R. 2931 has become even more 
pressing. H.R. 2931 would create a program to enhance the physical and 
cybersecurity of electric utilities. This program would develop methods 
for assessing security vulnerabilities. It would also provide 
cybersecurity training to electric utilities, advance cybersecurity of 
utility third-party vendors, and promote sharing of best practices and 
data collection in the electric sector.
  Under this legislation, the Secretary of Energy would work in 
consultation with States, Federal agencies, and industry stakeholders 
to create this program. By encouraging these partnerships, we will 
better position ourselves to keep the Nation's lights on and to

[[Page H3641]]

protect our grid from the growing cyber threats.
  Additionally, H.R. 2931 would require the Interruption Cost Estimate 
Calculator, which is used to calculate the ROI on utility investments, 
to be updated at least every 2 years to ensure accurate calculations.
  Mr. Speaker, I thank my good friend and partner in this legislation, 
Representative Latta from Ohio, for working with me on this important 
bill. I also thank Chairman Pallone, Ranking Member Rodgers, and the 
staff of the committee for helping us move this legislation.
  Mr. Speaker, I urge my colleagues to support it.
  Mr. PALLONE. Mr. Speaker, I have no additional speakers, and I 
reserve the balance of my time.
  Mr. LATTA. Mr. Speaker, again, from the recent attacks that we have 
had across the country in the last year and a half, it shows the 
importance of making sure that we are protected on the cybersecurity 
front. And working with my good friend and colleague from California, 
it has been so important that we get these two bills across the finish 
line today.
  Mr. Speaker, I urge all Members today to support H.R. 2931, and I 
yield back the balance of my time.
  Mr. PALLONE. Mr. Speaker, I would also ask that all our colleagues 
would support this on a bipartisan basis, and I yield back the balance 
of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New Jersey (Mr. Pallone) that the House suspend the 
rules and pass the bill, H.R. 2931.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill was passed.
  A motion to reconsider was laid on the table.

                          ____________________