[Congressional Record Volume 167, Number 126 (Monday, July 19, 2021)]
[House]
[Pages H3641-H3642]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                        CYBER SENSE ACT OF 2021

  Mr. PALLONE. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 2928) to require the Secretary of Energy to establish a 
voluntary Cyber Sense program to test the cybersecurity of products and 
technologies intended for use in the bulk-power system, and for other 
purposes.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 2928

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Cyber Sense Act of 2021''.

     SEC. 2. CYBER SENSE.

       (a) In General.--The Secretary of Energy, in coordination 
     with relevant Federal agencies, shall establish a voluntary 
     Cyber Sense program to test the cybersecurity of products and 
     technologies intended for use in the bulk-power system, as 
     defined in section 215(a) of the Federal Power Act (16 U.S.C. 
     824o(a)).
       (b) Program Requirements.--In carrying out subsection (a), 
     the Secretary of Energy shall--
       (1) establish a testing process under the Cyber Sense 
     program to test the cybersecurity of products and 
     technologies intended for use in the bulk-power system, 
     including products relating to industrial control systems and 
     operational technologies, such as supervisory control and 
     data acquisition systems;
       (2) for products and technologies tested under the Cyber 
     Sense program, establish and maintain cybersecurity 
     vulnerability reporting processes and a related database;
       (3) provide technical assistance to electric utilities, 
     product manufacturers, and other electricity sector 
     stakeholders to develop solutions to mitigate identified 
     cybersecurity vulnerabilities in products and technologies 
     tested under the Cyber Sense program;
       (4) biennially review products and technologies tested 
     under the Cyber Sense program for cybersecurity 
     vulnerabilities and provide analysis with respect to how such 
     products and technologies respond to and mitigate cyber 
     threats;
       (5) develop guidance, that is informed by analysis and 
     testing results under the Cyber Sense program, for electric 
     utilities for procurement of products and technologies;
       (6) provide reasonable notice to the public, and solicit 
     comments from the public, prior to establishing or revising 
     the testing process under the Cyber Sense program;
       (7) oversee testing of products and technologies under the 
     Cyber Sense program; and
       (8) consider incentives to encourage the use of analysis 
     and results of testing under the Cyber Sense program in the 
     design of products and technologies for use in the bulk-power 
     system.
       (c) Disclosure of Information.--Any cybersecurity 
     vulnerability reported pursuant to a process established 
     under subsection (b)(2), the disclosure of which the 
     Secretary of Energy reasonably foresees would cause harm to 
     critical electric infrastructure (as defined in section 215A 
     of the Federal Power Act), shall be deemed to be critical 
     electric infrastructure information for purposes of section 
     215A(d) of the Federal Power Act.
       (d) Federal Government Liability.--Nothing in this section 
     shall be construed to authorize the commencement of an action 
     against the United States Government with respect to the 
     testing of a product or technology under the Cyber Sense 
     program.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
Jersey (Mr. Pallone) and the gentleman from Ohio (Mr. Latta) each will 
control 20 minutes.
  The Chair recognizes the gentleman from New Jersey.


                             General Leave

  Mr. PALLONE. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days in which to revise and extend their remarks 
and include extraneous material on H.R. 2928.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New Jersey?
  There was no objection.
  Mr. PALLONE. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise in support of H.R. 2928, the Cyber Sense Act of 
2021. Grid security is a national security issue. Fortunately, there 
has not yet been a broad cyberattack that has taken down large parts of 
the electric grid in the United States. But as we learned from the 
ransomware attack on the Colonial Pipeline earlier this year, we must 
not let our guard down.
  Mr. Speaker, I am proud to support H.R. 2928, which gives the 
electric sector critical tools and technologies necessary to protect 
our grid from malicious harm.
  This legislation gives the Department of Energy an important new 
authority to facilitate the adoption of more secure technologies and 
equipment in our Nation's grid. It does this by requiring the 
Department of Energy to set up a voluntary ``Cyber Sense'' program to 
identify cyber-secure products for use in the bulk-power system.
  The bill also requires the Secretary of Energy to coordinate with the 
Department of Homeland Security and other relevant Federal agencies in 
order to ensure smooth and seamless implementation across the Federal 
Government.

                              {time}  1430

  This program would also provide technical assistance to electric 
utilities and product manufacturers to assist them in developing 
solutions to mitigate cyber vulnerabilities in the grid.
  I want to again thank my colleagues, Representatives McNerney and 
Latta, for their hard work on this critical issue and for their 
persistence in pursuing this bill for the last several years. Their 
partnership and bipartisan leadership on cybersecurity issues continues 
to benefit us all.
  Mr. Speaker, I urge all of my colleagues to support this important 
bipartisan bill, and I reserve the balance of my time.
  Mr. LATTA. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise today in support of H.R. 2928, the Cyber Sense 
Act, which is the second of two grid security bills that I have 
introduced and, again, worked closely on with my good friend and 
colleague, the gentleman from California (Mr. McNerney).
  This bipartisan legislation will establish a testing process under a 
newly established voluntary Cyber Sense program to test the 
cybersecurity of products and technologies intended for use in the 
bulk-power system, including products relating to industrial control 
systems and operational technologies, such as supervisory control and 
data acquisition systems.
  It would provide technical assistance to electric utilities, product 
manufacturers, and other electricity sector stakeholders to develop 
solutions to mitigate identified cybersecurity vulnerabilities in 
products and technologies tested under the Cyber Sense program.
  H.R. 2928 would also develop guidance for electric utilities for 
procurement of products and technologies and consider incentives to 
encourage the use of analysis and results of testing under the program 
in the design of products and technologies for use in the bulk-power 
system.
  The SolarWinds attack exposed a vulnerability in our supply chains 
that

[[Page H3642]]

should serve as a wake-up call to the energy sector. Similar attacks on 
products used in grid operators' IT networks could go undetected and, 
when exposed, result in the costly process of disabling and removing 
such products from operation.
  Having a program that would allow for the testing of a product's 
cybersecurity would help grid operators share information and maintain 
coordination with the Federal Government to keep pace with evolving 
cybersecurity threats. H.R. 2928 would accomplish these goals.
  Again, I want to thank Chairman Pallone, Chairman Rush, Leader 
Rodgers, and Leader Upton for their support. I call on my colleagues to 
support this bill, and I reserve the balance of my time.
  Mr. PALLONE. Mr. Speaker, I yield such time as he may consume to the 
gentleman from California (Mr. McNerney), the sponsor of the bill.
  Mr. McNERNEY. Mr. Speaker, I rise today in support of H.R. 2928, the 
Cyber Sense Act of 2021.
  The Cyber Sense Act is another piece of bipartisan legislation that 
takes steps to improve the security of our Nation's electric grid 
infrastructure. It would establish a program to identify cyber secure 
products for the bulk-power grid through a testing and verification 
program.
  The bulk-power system is essential for providing reliable electric 
power to the American people. We must ensure that this system is as 
secure as possible. Any vulnerable component in our grid is a threat to 
our security, and this bill will take important steps to strengthen the 
system.
  It would also require the Department of Energy to provide technical 
assistance to electric utilities, manufacturers, and other relevant 
stakeholders related to cybersecurity vulnerabilities in products under 
the Cyber Sense program.
  In today's world, there are literally billions of connected devices 
in use and the number is rapidly increasing. Most of these devices have 
no standards. There is no way for electric utilities to verify the 
security of the products, and we are seeing cyber threats continue to 
increase. This legislation is badly needed.
  Mr. Speaker, I thank my good friend, Mr. Latta, again for his 
partnership on this bill. We have been working together on a number of 
issues, and this is a sign of our partnership.
  I also thank Chairman Pallone and Ranking Member Rodgers for working 
with us to move this legislation quickly, and I don't want to forget 
the staff of the Energy and Commerce Committee, who have been so 
helpful.
  Mr. Speaker, I urge my colleagues to support it.
  Mr. LATTA. Mr. Speaker, I have no other speakers, and I am ready to 
close.
  Mr. Speaker, again, as the gentleman from California mentioned about 
the ongoing cyberattacks we have had in this country, it is absolutely 
essential that we get this bill across the finish line. H.R. 2928 is 
going to help accomplish these goals and protect our grid out there.
  Mr. Speaker, I urge all of my colleagues to support this legislation, 
and I yield back the balance of my time.
  Mr. PALLONE. Mr. Speaker, I urge my colleagues on both sides to 
support this bill, and I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New Jersey (Mr. Pallone) that the House suspend the 
rules and pass the bill, H.R. 2928.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. ROSENDALE. Mr. Speaker, on that I demand the yeas and nays.
  The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution 
8, the yeas and nays are ordered.
  Pursuant to clause 8 of rule XX, further proceedings on this motion 
are postponed.

                          ____________________