[House Report 115-795]
[From the U.S. Government Publishing Office]


115th Congress    }                                     {      Report
                        HOUSE OF REPRESENTATIVES
 2d Session       }                                     {     115-795

======================================================================



 
    ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT

                                _______
                                

 June 28, 2018.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

 Mr. Walden, from the Committee on Energy and Commerce, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 5240]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Energy and Commerce, to whom was referred 
the bill (H.R. 5240) to provide for certain programs and 
developments in the Department of Energy concerning the 
cybersecurity and vulnerabilities of, and physical threats to, 
the electric grid, and for other purposes, having considered 
the same, report favorably thereon with an amendment and 
recommend that the bill as amended do pass.

                                CONTENTS

                                                                   Page
Purpose and Summary..............................................     3
Background and Need for Legislation..............................     3
Committee Action.................................................     7
Committee Votes..................................................     7
Oversight Findings and Recommendations...........................     7
New Budget Authority, Entitlement Authority, and Tax Expenditures     7
Congressional Budget Office Estimate.............................     8
Federal Mandates Statement.......................................     9
Statement of General Performance Goals and Objectives............     9
Duplication of Federal Programs..................................     9
Committee Cost Estimate..........................................     9
Earmark, Limited Tax Benefits, and Limited Tariff Benefits.......     9
Disclosure of Directed Rule Makings..............................     9
Advisory Committee Statement.....................................     9
Applicability to Legislative Branch..............................     9
Section-by-Section Analysis of the Legislation...................     9
Changes in Existing Law Made by the Bill, as Reported............    11

    The amendment is as follows:
  Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``Enhancing Grid Security through 
Public-Private Partnerships Act''.

SEC. 2. PROGRAM TO PROMOTE AND ADVANCE PHYSICAL SECURITY AND 
                    CYBERSECURITY OF ELECTRIC UTILITIES.

  (a) Establishment.--The Secretary of Energy, in consultation with 
State regulatory authorities, industry stakeholders, the Electric 
Reliability Organization, and other Federal agencies the Secretary 
determines appropriate, shall carry out a program to--
          (1) develop, and provide for voluntary implementation of, 
        maturity models, self-assessments, and auditing methods for 
        assessing the physical security and cybersecurity of electric 
        utilities;
          (2) provide training to electric utilities to address and 
        mitigate cybersecurity supply chain management risks;
          (3) increase opportunities for sharing best practices and 
        data collection within the electric sector;
          (4) assist with cybersecurity training for electric 
        utilities;
          (5) advance the cybersecurity of third-party vendors that 
        work in partnerships with electric utilities; and
          (6) provide technical assistance for electric utilities 
        subject to the program.
  (b) Scope.--In carrying out the program under subsection (a), the 
Secretary of Energy shall--
          (1) take into consideration different sizes of electric 
        utilities and the regions that such electric utilities serve;
          (2) prioritize electric utilities with fewer available 
        resources due to size or region; and
          (3) to the extent practicable, utilize and leverage existing 
        Department of Energy programs.
  (c) Protection of Information.--Information provided to, or collected 
by, the Federal Government pursuant to this section--
          (1) shall be exempt from disclosure under section 552(b)(3) 
        of title 5, United States Code; and
          (2) shall not be made available by any Federal, State, 
        political subdivision or tribal authority pursuant to any 
        Federal, State, political subdivision, or tribal law requiring 
        public disclosure of information or records.

SEC. 3. REPORT ON CYBERSECURITY AND DISTRIBUTION SYSTEMS.

  (a) In General.--The Secretary of Energy, in consultation with State 
regulatory authorities, industry stakeholders, and other Federal 
agencies the Secretary determines appropriate, shall submit to Congress 
a report that assesses--
          (1) priorities, policies, procedures, and actions for 
        enhancing the physical security and cybersecurity of 
        electricity distribution systems to address threats to, and 
        vulnerabilities of, such electricity distribution systems; and
          (2) implementation of such priorities, policies, procedures, 
        and actions, including an estimate of potential costs and 
        benefits of such implementation, including any public-private 
        cost-sharing opportunities.
  (b) Protection of Information.--Information provided to, or collected 
by, the Federal Government pursuant to this section--
          (1) shall be exempt from disclosure under section 552(b)(3) 
        of title 5, United States Code; and
          (2) shall not be made available by any Federal, State, 
        political subdivision or tribal authority pursuant to any 
        Federal, State, political subdivision, or tribal law requiring 
        public disclosure of information or records.

SEC. 4. ELECTRICITY INTERRUPTION INFORMATION.

  (a) Interruption Cost Estimate Calculator.--The Secretary of Energy, 
in consultation with the Federal Energy Regulatory Commission, State 
regulatory authorities, industry stakeholders, and other Federal 
agencies the Secretary determines appropriate, shall update the 
Interruption Cost Estimate Calculator, as often as appropriate and 
feasible, but not less than once every 2 years.
  (b) Indices.--The Secretary of Energy, in consultation with the 
Federal Energy Regulatory Commission, State regulatory authorities, 
industry stakeholders, and other Federal agencies the Secretary 
determines appropriate, shall, as often as appropriate and feasible, 
update the following:
          (1) The System Average Interruption Duration Index.
          (2) The System Average Interruption Frequency Index.
          (3) The Customer Average Interruption Duration Index.
  (c) Survey.--The Administrator of the Energy Information 
Administration shall collect information on electricity interruption 
costs, if available, from a representative sample of owners of electric 
grid assets through a biennial survey.

SEC. 5. DEFINITIONS.

  In the Act, the following definitions apply:
          (1) Electric reliability organization.--The term ``Electric 
        Reliability Organization'' has the meaning given such term in 
        section 215(a)(2) of the Federal Power Act (16 U.S.C. 
        824o(a)(2)).
          (2) Electric utility.--The term ``electric utility'' has the 
        meaning given such term in section 3 of the Federal Power Act 
        (16 U.S.C. 796).
          (3) State regulatory authority.--The term ``State regulatory 
        authority'' has the meaning given such term in section 3 of the 
        Federal Power Act (16 U.S.C. 796).

                          PURPOSE AND SUMMARY

    H.R. 5240, the Enhancing Grid Security through Public-
Private Partnerships Act of 2018, was introduced by Rep. Jerry 
McNerney (D-CA) and Rep. Robert Latta (R-OH) on March 9, 2018. 
This legislation would require the Secretary of Energy to 
establish a program to facilitate and encourage public-private 
partnerships to promote and advance physical security and 
cybersecurity of electric utilities.
    The Secretary of Energy is directed to carry out a program 
to (1) develop, and provide for voluntary implementation of, 
maturity models, self-assessments, and auditing methods for 
assessing the physical security and cybersecurity of electric 
utilities; (2) provide training and technical assistance to 
electric utilities to address and mitigate cybersecurity supply 
chain management risks; and (3) increase opportunities for 
sharing best practices and data collection within the electric 
sector.
    The Secretary is also required to take into consideration 
different sizes of electric utilities and the regions they 
serve and to prioritize electric utilities with fewer available 
resources due to size or region. Any information an electric 
utility provides to the Federal government through this program 
will be exempt from public disclosure under Federal, State, or 
tribal law.
    The bill also provides for a report to Congress addressing 
cybersecurity as it relates to the electric distribution 
system. H.R. 5240 directs the Secretary to assess priorities, 
policies, procedures, and actions for enhancing the physical 
and cybersecurity of the electric distribution system, 
including the costs and benefits of implementing these 
priorities, policies, procedures, and actions.
    Finally, H.R. 5240 directs the Department of Energy (DOE) 
to update the Interruption Cost Estimate Calculator, a tool 
designed for and utilized by electric reliability planners at 
electric utilities, government organizations, or other entities 
that are interested in estimating interruption costs and 
benefits associated with infrastructure improvements.

                  BACKGROUND AND NEED FOR LEGISLATION

    The United States' energy infrastructure is comprised of a 
vast network of energy and electricity systems that deliver 
uninterrupted electricity from producers to consumers. These 
intricate and highly interdependent systems enable every aspect 
of our daily lives. Our nation's economy, security, and the 
health and safety of its citizens depend upon the reliable and 
uninterrupted supply of fuels and electricity. Since the 
inception of the Department of Energy in 1977, the manner in 
which energy and power is generated, transmitted, and delivered 
continues to rapidly change and evolve. As advances in digital 
and information technologies continue to layer onto existing 
practices and energy infrastructures, new risks emerge, and 
vulnerabilities are exposed. Recent high-profile attempts by 
foreign actors to infiltrate our nation's energy systems and 
infrastructure further highlight the need for legislation aimed 
at mitigating these significant and growing threats to the 
reliable supply of energy in the United States.

The Department of Energy's authorities for cybersecurity, energy 
        security, and emergency response

    When the Department of Energy was organized in 1977, energy 
security concerns revolved around oil supply shortages. As a 
result, energy security emergency functions in the Department 
of Energy Organization Act focused on distributing and 
allocating fuels in an emergency. Over time, these functions in 
DOE's organic statute remained largely unchanged, but DOE's 
responsibilities and authorities have evolved substantially 
beyond what was envisioned forty years ago. Energy delivery 
systems have become increasingly interconnected and digitized, 
while society has become more dependent on energy in all its 
forms--expanding the opportunities for cybersecurity threats 
and other hazards that may require emergency response.
    Today, DOE's mission to advance the national, economic, and 
energy security of the United States requires it to act as the 
lead agency for the protection of electric power, oil, and 
natural gas infrastructure. DOE has authority and 
responsibilities for the physical security and cybersecurity of 
energy delivery systems from laws that Congress has passed and 
Presidential directives. Congress has provided DOE with a wide 
range of emergency response and cybersecurity authorities 
affecting multiple segments of the energy sector, beginning 
with the Department of Energy Organization Act, and most 
recently with the Fixing America's Surface Transportation Act 
(FAST Act).
    The FAST Act, which was signed into law in 2015, designated 
DOE as the Sector-Specific Agency (SSA) for the energy sector 
and provided the Department with several new energy security 
authorities to respond to physical and cyberattacks to energy 
systems. Section 61003 of the FAST Act amended section 215 of 
the Federal Power Act (FPA) and created a new section 215A 
entitled, ``Critical Electric Infrastructure Security.'' This 
new section 215A of the FPA provided definitions for the terms 
``bulk power system,'' ``critical electric infrastructure,'' 
``critical electric infrastructure information,'' and ``grid 
security emergency,''\1\ among other terms. Section 215 of the 
FPA states that when the President issues or provides to the 
Secretary of Energy a written directive or determination 
identifying a grid security emergency, the Secretary may, with 
or without notice, hearing, or report, issue orders for 
emergency measures to protect or restore the reliability of 
critical electric infrastructure or of defense critical 
electric infrastructure during an emergency.\2\ Section 215A 
also includes protections for the sharing of critical electric 
information.
---------------------------------------------------------------------------
    \1\See Section 215A of the Federal Power Act, the term ``Grid 
Security Emergency'' means the occurrence or imminent danger of (A)(i) 
a malicious act using electronic communication or an electromagnetic 
pulse, or a geomagnetic storm event, that could disrupt the operation 
of those electronic devices or communications networks, including 
hardware, software, and data, that are essential to the reliability of 
critical electric infrastructure or of defense critical electric 
infrastructure; and (ii) disruption of the operation of such devices or 
networks, with significant adverse effects on the reliability of 
critical electric infrastructure or of defense critical electric 
infrastructure, as a result of such act or event; or (B)(i) a direct 
physical attack on critical electric infrastructure or on defense 
critical electric infrastructure; and (ii) significant adverse effects 
on the reliability of critical electric infrastructure or of defense 
critical electric infrastructure as a result of such physical attack.
    \2\Federal Power Act Sec. 215A, 16 U.S.C. Sec. 824o-1.
---------------------------------------------------------------------------
    DOE's cybersecurity roles and responsibilities are also 
guided by the Federal government's operational framework, as 
provided by the Presidential Policy Directive 41 (PPD-41) 
issued in 2016 addressing ``United States Cyber Incident 
Coordination.'' A primary purpose of PPD-41 is to improve 
coordination across the Federal government by clarifying roles 
and responsibilities. Under the PPD-41 framework, DOE serves as 
the lead agency for the energy sector, coordinating closely 
with other agencies and the private sector to facilitate the 
response, recovery, and restoration of damaged energy 
infrastructure.
    On February 14, 2018, the Energy Secretary formed a new 
Office of Cybersecurity, Energy Security, and Emergency 
Response (CESER) at DOE. The CESER office will be led by an 
Assistant Secretary who will focus on energy infrastructure 
security, support the expanded national security 
responsibilities assigned to DOE, and report to the Under 
Secretary of Energy.\3\
---------------------------------------------------------------------------
    \3\See Press Release, U.S. Department of Energy, ``Secretary of 
Energy Rick Perry Forms New Office of Cybersecurity, Energy Security, 
and Emergency Response.'' (Feb. 14, 2018), https://www.energy.gov/
articles/secretary-energy-rick-perry-forms-new-office-cybersecurity-
energy-     security-and-emergency.
---------------------------------------------------------------------------

Physical security and cybersecurity of the electric grid

    With respect to its responsibilities for security of the 
electric power system, DOE works closely with electric sector 
owners and operators to detect and mitigate risks to critical 
electric infrastructure. DOE collaborates with the electric 
sector to develop technologies, tools, exercises, and other 
resources to assist the energy sector in evaluating and 
improving their security preparedness.\4\
---------------------------------------------------------------------------
    \4\Department of Energy. Energy Sector Cybersecurity Preparedness.
---------------------------------------------------------------------------
    Along with DOE, the Federal Energy Regulatory Commission 
(FERC) has authority over the reliability of the electric grid. 
Congress, through the Energy Policy Act of 2005,\5\ provided 
FERC with the authority to approve mandatory cybersecurity 
standards proposed by the Electric Reliability Organization 
(ERO). The North American Electric Reliability Corporation 
(NERC) currently serves as the ERO. NERC proposes reliability 
standards for planning and operating the North American bulk 
power system. These critical infrastructure protection (CIP) 
reliability standards\6\ address physical security and 
cybersecurity of critical electric infrastructure.
---------------------------------------------------------------------------
    \5\P.L. 109-58.
    \6\See North American Electric Reliability Corporation for further 
information.
---------------------------------------------------------------------------
    Cooperation between the Federal government and electricity 
sector extends beyond mandatory and enforceable standards. The 
Electricity Subsector Coordinating Council (ESCC) serves as the 
principal liaison between the Federal government and the 
electric power sector in coordinating efforts to prepare for 
national-level incidents or threats to critical 
infrastructure.\7\ The Cybersecurity Risk Information Sharing 
Program (CRISP) is a public-private partnership, funded by DOE 
and industry. CRISP is managed by the Electricity Information 
Sharing and Analysis Center (E-ISAC)\8\ and facilitates the 
timely bi-directional sharing of unclassified and classified 
threat information with energy sector partners.\9\
---------------------------------------------------------------------------
    \7\See Electric Subsector Coordinating Council for further 
information.
    \8\See Electricity Information Sharing and Analysis Center for 
further information.
    \9\Department of Energy. Cybersecurity for Critical Energy 
Infrastructure.
---------------------------------------------------------------------------

Need for legislation

    The Committee finds that section 2 of H.R. 5240 would 
facilitate and strengthen public-private partnerships to 
promote and advance the physical security and cybersecurity of 
electric utilities that have fewer resources due to size or 
region. According to the testimony of Undersecretary Mark 
Menezes:

          The cyber-attacks on the Ukrainian grid underscored 
        the urgency of the cyber threat to everyone involved in 
        the protection and operation of the Nation's power 
        grid. Continuing to build off current work is critical 
        in mitigating the risks that the electric grid faces. 
        Sharing and promoting best practices, including 
        maturity model assessments, physical and cyber risk 
        assessments, and training are all important components 
        of this risk mitigation.\10\
---------------------------------------------------------------------------
    \10\See Written Testimony of Under Secretary Mark Menezes, U.S. 
Department of Energy, Before the Subcommittee on Energy, Committee on 
Energy and Commerce, March 14, 2018.

    The Edison Electric Institute (EEI), American Public Power 
Association (APPA) and the National Rural Electric Cooperatives 
Association (NRECA) supported section 2 of H.R. 5240. APPA and 
NRECA, in a statement submitted for the hearing record, stated, 
``[p]ublic-private partnerships like those between DOE, APPA 
and NRECA are vital to help needed resources reach the smaller 
utilities in the sector.''\11\
---------------------------------------------------------------------------
    \11\See Statement for the Record by the American Public Power 
Association (APPA) and the National Rural Electric Cooperative 
Association (NRECA) for Subcommittee on Energy,
---------------------------------------------------------------------------
    The Committee finds section 3 of H.R. 5240 would help 
mitigate against threats and vulnerabilities to electricity 
distribution systems by assessing priorities, policies, 
procedures, and actions for enhancing the physical and 
cybersecurity of electric distribution systems.
    The testimony of Scott Aaronson, Vice President, Security 
and Preparedness for the Edison Electric Institute supported 
this section and stated, ``[t]he number of distribution 
assets--including distributed energy resources and customer 
devices `behind the meter'--is growing and can impact the 
broader electricity system, the security of these 
interconnected devices must be considered to prevent 
cybersecurity incidents from impacting reliability.''\12\
---------------------------------------------------------------------------
    \12\See Written testimony of Mr. Scott Aaronson, Vice President, 
Security and Preparedness for the Edison Electric Institute, Before the 
Subcommittee on Energy, Committee on Energy and Commerce, March 14, 
2018.
---------------------------------------------------------------------------
    The Committee finds section 4 of H.R. 5240 would help 
improve electric infrastructure resilience by updating a 
program that assists grid planners at utilities, government 
organizations and other entities with estimating interruption 
costs and benefits associated with infrastructure improvements.
    According to the testimony of Undersecretary Mark Menezes:

          The Interruption Cost Estimate (ICE) Calculator tool, 
        which was developed by Lawrence Berkley National 
        Laboratory and Nexant, Inc. and funded by DOE-OE, is 
        designed for electric reliability planners at 
        utilities, government organizations, or other entities 
        that are interested in estimating interruption costs 
        and/or benefits associated with reliability 
        improvements in the United States. For any hazard, 
        including cyber events, the ICE Calculator provides 
        analytical foundations for reliability 
        investments.''\13\
---------------------------------------------------------------------------
    \13\See Written Testimony of Under Secretary Mark Menezes, U.S. 
Department of Energy, Before the Subcommittee on Energy, Committee on 
Energy and Commerce, March 14, 2018.
---------------------------------------------------------------------------

                            COMMITTEE ACTION

    On March 14, 2018 the Subcommittee on Energy held a hearing 
on H.R. 5240 entitled, ``DOE Modernization: Legislation 
Addressing Cybersecurity and Emergency Response.'' The 
Subcommittee received testimony from:
           Mark Menezes, Under Secretary of Energy, 
        U.S. Department of Energy;
           Scott Aaronson, Vice President, Security and 
        Preparedness, Edison Electric Institute;
           Mark Engels, Senior Enterprise Security 
        Advisor, Dominion Energy;
           Tristan Vance, Director, Office of Energy 
        Development, State of Indiana on behalf of the National 
        Association of State Energy Officials;
           Zachary Tudor, Associate Laboratory Director 
        for National and Homeland Security, Idaho National 
        Laboratory; and,
           Kyle Pistor, Vice President of Government 
        Relations, National Electrical Manufactures 
        Association.
    On April 18, 2018, the Subcommittee on Energy met in open 
markup session and forwarded H.R. 5240, without amendment, to 
the full Committee by a voice vote.
    On May 9, 2018, the full Committee on Energy and Commerce 
met in open markup session and ordered H.R. 5240, as amended, 
favorably reported to the House by a voice vote.

                            COMMITTEE VOTES

    Clause 3(b) of rule XIII requires the Committee to list the 
recorded votes on the motion to report legislation and 
amendments thereto. There were no recorded votes taken in 
connection with ordering H.R. 5240 reported.

                 OVERSIGHT FINDINGS AND RECOMMENDATIONS

    Pursuant to clause 2(b)(1) of rule X and clause 3(c)(1) of 
rule XIII, the Committee held a hearings and made findings that 
are reflected in this report.

   NEW BUDGET AUTHORITY, ENTITLEMENT AUTHORITY, AND TAX EXPENDITURES

    Pursuant to clause 3(c)(2) of rule XIII, the Committee 
finds that H.R. 5240 would result in no new or increased budget 
authority, entitlement authority, or tax expenditures or 
revenues.

                  CONGRESSIONAL BUDGET OFFICE ESTIMATE

    Pursuant to clause 3(c)(3) of rule XIII, the following is 
the cost estimate provided by the Congressional Budget Office 
pursuant to section 402 of the Congressional Budget Act of 
1974:

                                     U.S. Congress,
                               Congressional Budget Office,
                                      Washington, DC, May 23, 2018.
Hon. Greg Walden,
Chairman, Committee on Energy and Commerce,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 5240, the 
Enhancing Grid Security through Public-Private Partnerships 
Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Megan 
Carroll.
            Sincerely,
                                             Mark P. Hadley
                                        (For Keith Hall, Director).
    Enclosure.

H.R. 5240--Enhancing Grid Security through Public-Private Partnerships 
        Act

    H.R. 5240 would direct the Department of Energy (DOE) to 
establish a program to promote collaborative efforts--among 
federal, state, and private stakeholders of the electricity 
sector--to assess and improve the physical security and 
cybersecurity of electric utilities. The bill would authorize 
DOE to provide guidance, training, and technical assistance to 
utilities and specify other reporting and administrative 
requirements.
    Using information from DOE, CBO estimates that enacting 
H.R. 5240 would not significantly affect the federal budget. 
The activities authorized by the bill are largely consistent 
with DOE's existing efforts related to the security of the 
energy infrastructure. As a result, CBO expects that any 
changes in federal spending under the bill--which would be 
subject to appropriation--would be small.
    H.R. 5240 would not affect direct spending or revenues; 
therefore, pay-as-you-go procedures do not apply.
    CBO estimates that enacting H.R. 5240 would not affect 
direct spending or on-budget deficits in any of the four 
consecutive 10-year periods beginning in 2029.
    H.R. 5240 would impose an intergovernmental mandate, as 
defined in the Unfunded Mandates Reform Act (UMRA), by 
preempting state, local, and tribal laws that could otherwise 
cause government agencies to disclose information collected by 
DOE under the bill, such as plans to enhance cybersecurity. 
Although the preemption would limit the application of state, 
local, and tribal laws, CBO estimates that it would impose no 
duty on those governments that would result in additional 
spending or a loss of revenue.
    H.R. 5240 contains no private-sector mandates as defined in 
UMRA.
    The CBO staff contacts for this estimate are Megan Carroll 
(for federal costs) and Jon Sperl (for mandates). The estimate 
was reviewed by H. Samuel Papenfuss, Deputy Assistant Director 
for Budget Analysis.

                       FEDERAL MANDATES STATEMENT

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

         STATEMENT OF GENERAL PERFORMANCE GOALS AND OBJECTIVES

    Pursuant to clause 3(c)(4) of rule XIII, the general 
performance goal or objective of this legislation is to provide 
programs and developments in the Department of Energy 
concerning the cybersecurity and vulnerabilities of, and 
physical threats to, the electric grid, and for other purposes.

                    DUPLICATION OF FEDERAL PROGRAMS

    Pursuant to clause 3(c)(5) of rule XIII, no provision of 
H.R. 5240 is known to be duplicative of another Federal 
program, including any program that was included in a report to 
Congress pursuant to section 21 of Public Law 111-139 or the 
most recent Catalog of Federal Domestic Assistance.

                        COMMITTEE COST ESTIMATE

    Pursuant to clause 3(d)(1) of rule XIII, the Committee 
adopts as its own the cost estimate prepared by the Director of 
the Congressional Budget Office pursuant to section 402 of the 
Congressional Budget Act of 1974.

       EARMARK, LIMITED TAX BENEFITS, AND LIMITED TARIFF BENEFITS

    Pursuant to clause 9(e), 9(f), and 9(g) of rule XXI, the 
Committee finds that H.R. 5240 contains no earmarks, limited 
tax benefits, or limited tariff benefits.

                  DISCLOSURE OF DIRECTED RULE MAKINGS

    Pursuant to section 3(i) of H. Res. 5, the Committee finds 
that H.R. 5240 contains no directed rule makings.

                      ADVISORY COMMITTEE STATEMENT

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                  APPLICABILITY TO LEGISLATIVE BRANCH

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

             SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION

Section 1. Short title

    This section provides the short title of ``Enhancing Grid 
Security through Public-Private Partnerships Act of 2018.''

Section 2. Program to promote and advance physical security and 
        cybersecurity of electric utilities

    The Secretary of Energy, in consultation with State 
regulatory authorities, industry stakeholders, and other 
Federal agencies the Secretary determines appropriate, shall 
carry out a program to (1) develop, and provide for voluntary 
implementation of, maturity models, self-assessments, and 
auditing methods for assessing the physical security and 
cybersecurity of electric utilities; (2) provide training and 
technical assistance to electric utilities to address and 
mitigate cybersecurity supply chain management risks; (3) 
increase opportunities for sharing best practices and data 
collection within the electric sector; (4) assist with 
cybersecurity training for electric utilities; (5) advance the 
cybersecurity of third-party vendors that work in partnerships 
with electric utilities; and (6) provide technical assistance 
for electric utilities subject to the program.
    Section 2(b) states that in carrying out the program under 
section 2(a), the Secretary of Energy shall (1) take into 
consideration different sizes of electric utilities and the 
regions that such electric utilities serve; (2) prioritize 
electric utilities with fewer available resources due to size 
or region; and, (3) to the extent practicable, utilize and 
leverage existing Department of Energy programs.
    Section 2(c) states that information provided to, or 
collected by, the Federal government pursuant to this section, 
(1) shall be exempt from disclosure under section 552(b)(3) of 
title 5, United States Code; and (2) shall not be made 
available by any Federal, State, political subdivision, or 
tribal law requiring disclosure of information or records.

Section 3. Report on cybersecurity and distribution systems

    Section 3(a) directs the Secretary of Energy, in 
consultation with State regulatory authorities, industry 
stakeholders, and other Federal agencies the Secretary 
determines appropriate, shall submit to Congress a report that 
assesses (1) priorities, policies, procedures, and actions for 
enhancing the physical security and cybersecurity of 
electricity distribution systems to address threats to, and 
vulnerabilities of, such electricity distribution systems. 
Section 3(a)(2) further clarifies that this report will assess 
implementation of such priorities, policies, procedures, and 
actions, including an estimate of potential costs and benefits 
of such implementation, including any public-private cost-
sharing opportunities.
    Section 3(b) states that information provided to, or 
collected by, the Federal government pursuant to this section, 
(1) shall be exempt from disclosure under section 552(b)(3) of 
title 5, United States Code; and (2) shall not be made 
available by any Federal, State, political subdivision, or 
tribal law requiring disclosure of information or records.

Section 4. Electricity interruption information

    Section 4(a) directs that the Secretary of Energy, in 
consultation with the Federal Energy Regulatory Commission, 
State regulatory authorities, industry stakeholders, and other 
Federal agencies the Secretary determines appropriate, shall 
update the Interruption Cost Estimate Calculator, as often as 
appropriate and feasible, but not less than once every 2 years.
    Section 4(b) instructs that the Secretary of Energy, in 
consultation with the Federal Energy Regulatory Commission, 
State regulatory authorities, industry stakeholders, and other 
Federal agencies the Secretary determines appropriate, shall, 
as often as appropriate and feasible, update the following: (1) 
The System Average Interruption Duration Index, (2) The System 
Average Interruption Frequency Index, and (3) The Customer 
Average Interruption Index.
    Section 4(c) directs the Administrator of the Energy 
Information Administration to collect information on 
electricity interruption costs, if available, from a 
representative sample of owners of electric grid assets through 
biennial survey.

Section 5. Definitions

    For this legislation the term ``electric utility'' has the 
meaning given such term in section 3 of the Federal Power Act 
(16 U.S.C. 796). The term ``State regulatory authority'' has 
the meaning given such term in section 3 of the Federal Power 
Act (16 U.S.C. 796).

         CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED

    This legislation does not amend any existing Federal 
statute.

                                  [all]