[Senate Report 116-196]
[From the U.S. Government Publishing Office]


                                                       Calendar No. 356
                                                     
116th Congress  }                                             {  Report
                                 SENATE
 2d Session     }                                             { 116-196

======================================================================



 
PROTECTING RESOURCES ON THE ELECTRIC GRID WITH CYBERSECURITY TECHNOLOGY 
                              ACT OF 2019

                                _______
                                

                January 7, 2020.--Ordered to be printed

                                _______
                                

  Ms. Murkowski, from the Committee on Energy and Natural Resources, 
                        submitted the following

                              R E P O R T

                         [To accompany S. 2556]

    The Committee on Energy and Natural Resources, to which was 
referred the bill (S. 2556) to amend the Federal Power Act to 
provide energy cybersecurity investment incentives, to 
establish a grant and technical assistance program for 
cybersecurity investments, and for other purposes, having 
considered the same, reports favorably thereon with an 
amendment in the nature of a substitute and recommends that the 
bill, as amended, do pass.

                               Amendment

    The amendment is as follows:
    Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Protecting Resources On The Electric 
grid with Cybersecurity Technology Act of 2019'' or the ``PROTECT Act 
of 2019''.

SEC. 2. INCENTIVES FOR ADVANCED CYBERSECURITY TECHNOLOGY INVESTMENT.

    Part II of the Federal Power Act is amended by inserting after 
section 219 (16 U.S.C. 824s) the following:

``SEC. 219A. INCENTIVES FOR CYBERSECURITY INVESTMENTS.

    ``(a) Definitions.--In this section:
          ``(1) Advanced cybersecurity technology.--The term `advanced 
        cybersecurity technology' means any technology, operational 
        capability, or service, including computer hardware, software, 
        or a related asset, that enhances the security posture of 
        public utilities through improvements in the ability to protect 
        against, detect, respond to, or recover from a cybersecurity 
        threat (as defined in section 102 of the Cybersecurity Act of 
        2015 (6 U.S.C. 1501)).
          ``(2) Advanced cybersecurity technology information.--The 
        term `advanced cybersecurity technology information' means 
        information relating to advanced cybersecurity technology or 
        proposed advanced cybersecurity technology that is generated by 
        or provided to the Commission or another Federal agency.
    ``(b) Study.--Not later than 180 days after the date of enactment 
of this section, the Commission, in consultation with the Secretary of 
Energy, the North American Electric Reliability Corporation, the 
Electricity Subsector Coordinating Council, and the National 
Association of Regulatory Utility Commissioners, shall conduct a study 
to identify incentive-based, including performance-based, rate 
treatments for the transmission and sale of electric energy subject to 
the jurisdiction of the Commission that could be used to encourage--
          ``(1) investment by public utilities in advanced 
        cybersecurity technology; and
          ``(2) participation by public utilities in cybersecurity 
        threat information sharing programs.
    ``(c) Incentive-Based Rate Treatment.--Not later than 1 year after 
the completion of the study under subsection (b), the Commission shall 
establish, by rule, incentive-based, including performance-based, rate 
treatments for the transmission of electric energy in interstate 
commerce and the sale of electric energy at wholesale in interstate 
commerce by public utilities for the purpose of benefitting consumers 
by encouraging--
          ``(1) investments by public utilities in advanced 
        cybersecurity technology; and
          ``(2) participation by public utilities in cybersecurity 
        threat information sharing programs.
    ``(d) Factors for Consideration.--In issuing a rule pursuant to 
this section, the Commission may provide additional incentives beyond 
those identified in subsection (c) in any case in which the Commission 
determines that an investment in advanced cybersecurity technology or 
information sharing program costs will reduce cybersecurity risks to--
          ``(1) defense critical electric infrastructure (as defined in 
        section 215A(a)) and other facilities subject to the 
        jurisdiction of the Commission that are critical to public 
        safety, national defense, or homeland security, as determined 
        by the Commission in consultation with--
                  ``(A) the Secretary of Energy; and
                  ``(B) appropriate Federal agencies; and
          ``(2) facilities of small or medium-sized public utilities 
        with limited cybersecurity resources, as determined by the 
        Commission.
    ``(e) Ratepayer Protection.--
          ``(1) In general.--Any rate approved under a rule issued 
        pursuant to this section, including any revisions to that rule, 
        shall be subject to the requirements of sections 205 and 206 
        that all rates, charges, terms, and conditions--
                  ``(A) shall be just and reasonable; and
                  ``(B) shall not be unduly discriminatory or 
                preferential.
          ``(2) Prohibition of duplicate recovery.--Any rule issued 
        pursuant to this section shall preclude rate treatments that 
        allow unjust and unreasonable double recovery for advanced 
        cybersecurity technology.
    ``(f) Single-Issue Rate Filings.--The Commission shall permit 
public utilities to apply for incentive-based rate treatment under a 
rule issued under this section on a single-issue basis by submitting to 
the Commission a tariff schedule under section 205 that permits 
recovery of costs and incentives over the depreciable life of the 
applicable assets, without regard to changes in receipts or other costs 
of the public utility.
    ``(g) Protection of Information.--Advanced cybersecurity technology 
information that is provided to, generated by, or collected by the 
Federal Government under subsection (b), (c), or (f) shall be 
considered to be critical electric infrastructure information under 
section 215A.''.

SEC. 3. RURAL AND MUNICIPAL UTILITY ADVANCED CYBERSECURITY GRANT AND 
                    TECHNICAL ASSISTANCE PROGRAM.

    (a) Definitions.--In this section:
          (1) Advanced cybersecurity technology.--The term ``advanced 
        cybersecurity technology'' means any technology, operational 
        capability, or service, including computer hardware, software, 
        or a related asset, that enhances the security posture of 
        electric utilities through improvements in the ability to 
        protect against, detect, respond to, or recover from a 
        cybersecurity threat (as defined in section 102 of the 
        Cybersecurity Act of 2015 (6 U.S.C. 1501)).
          (2) Eligible entity.--The term ``eligible entity'' means--
                  (A) a rural electric cooperative;
                  (B) a utility owned by a political subdivision of a 
                State, such as a municipally owned electric utility;
                  (C) a utility owned by any agency, authority, 
                corporation, or instrumentality of 1 or more political 
                subdivisions of a State;
                  (D) a not-for-profit entity that is in a partnership 
                with not fewer than 6 entities described in 
                subparagraph (A), (B), or (C); and
                  (E) an investor-owned electric utility that sells 
                less than 4,000,000 megawatt hours of electricity per 
                year.
          (3) Program.--The term ``Program'' means the Rural and 
        Municipal Utility Advanced Cybersecurity Grant and Technical 
        Assistance Program established under subsection (b).
          (4) Secretary.--The term ``Secretary'' means the Secretary of 
        Energy.
    (b) Establishment.--Not later than 180 days after the date of 
enactment of this Act, the Secretary, in consultation with the Federal 
Energy Regulatory Commission, the North American Electric Reliability 
Corporation, and the Electricity Subsector Coordinating Council, shall 
establish a program, to be known as the ``Rural and Municipal Utility 
Advanced Cybersecurity Grant and Technical Assistance Program'', to 
provide grants and technical assistance to, and enter into cooperative 
agreements with, eligible entities to protect against, detect, respond 
to, and recover from cybersecurity threats.
    (c) Objectives.--The objectives of the Program shall be--
          (1) to deploy advanced cybersecurity technologies for 
        electric utility systems; and
          (2) to increase the participation of eligible entities in 
        cybersecurity threat information sharing programs.
    (d) Awards.--
          (1) In general.--The Secretary--
                  (A) shall award grants and provide technical 
                assistance under the Program to eligible entities on a 
                competitive basis;
                  (B) shall develop criteria and a formula for awarding 
                grants and providing technical assistance under the 
                Program;
                  (C) may enter into cooperative agreements with 
                eligible entities that can facilitate the objectives 
                described in subsection (c); and
                  (D) shall establish a process to ensure that all 
                eligible entities are informed about and can become 
                aware of opportunities to receive grants or technical 
                assistance under the Program.
          (2) Priority for grants and technical assistance.--In 
        awarding grants and providing technical assistance under the 
        Program, the Secretary shall give priority to an eligible 
        entity that, as determined by the Secretary--
                  (A) has limited cybersecurity resources;
                  (B) owns assets critical to the reliability of the 
                bulk power system; or
                  (C) owns defense critical electric infrastructure (as 
                defined in section 215A(a) of the Federal Power Act (16 
                U.S.C. 824o-1(a))).
    (e) Protection of Information.--Information provided to, or 
collected by, the Federal Government under this section--
          (1) shall be exempt from disclosure under section 552(b)(3) 
        of title 5, United States Code; and
          (2) shall not be made available by any Federal agency, State, 
        political subdivision of a State, or Tribal authority under any 
        applicable law requiring public disclosure of information or 
        records.
    (f) Funding.--There is authorized to be appropriated to carry out 
this section $50,000,000 for each of fiscal years 2020 through 2024, to 
remain available until expended.

                                Purpose

    The purpose of S. 2556 is to amend the Federal Power Act 
(FPA, 16 U.S.C. 791a et seq.) to provide energy cybersecurity 
investment incentives and to establish a grant and technical 
assistance program for cybersecurity investments by electric 
utilities.

                          Background and Need

    The United States electric grid is comprised of a vast 
network of transmission and distribution systems that deliver 
electricity from producers to consumer homes and businesses. 
Many sectors of our economy, including healthcare and 
manufacturing, simply cannot operate without a reliable supply 
of electricity. As advances in digital and information 
technology continue to electrify our daily lives, our exposure 
to a potentially devastating cyber or physical attack on the 
grid increases.
    A number of Federal agencies are responsible for protecting 
our electric grid from physical and cyber threats, including 
the Department of Energy (DOE) and the Federal Energy 
Regulatory Commission (FERC or Commission). DOE works closely 
with electric sector owners and operators to detect and 
mitigate risks to critical electric infrastructure, and to 
develop tools and other resources to assist the sector in 
evaluating and improving their security preparedness. In 2015, 
in section 61003(c)(2) of the Fixing America's Surface 
Transportation Act (Public Law 114-94; 6 U.S.C. 121 note), 
Congress codified DOE as the Sector-Specific Agency for 
cybersecurity for the energy sector.
    With respect to FERC, section 1211 of the Energy Policy Act 
of 2005 (EPAct '05, Public Law 109-58) added section 215 to the 
Federal Power Act, which authorized the Commission to certify 
an Electric Reliability Organization to develop mandatory 
reliability standards for the electric transmission system, 
including physical and cybersecurity standards. The law tasked 
FERC with approving and enforcing these mandatory standards--
violations of which can result in penalties of up to $1 million 
per violation per day. FERC also approves rates for electric 
transmission services by investor-owned utilities. Part of the 
costs included in a utility's transmission rates are costs 
associated with investments to protect the grid from 
cybersecurity threats.
    S. 2556 enhances electric grid security by strengthening 
the cybersecurity partnership between industry and government 
and facilitating the deployment of advanced cybersecurity 
technology. Specifically, the bill directs FERC to issue a 
rulemaking to incentivize investments in advanced cybersecurity 
technology that enhance the security posture of public 
utilities regulated by FERC. The rule will make these 
incentives available for advanced cybersecurity technology 
investments in facilities for the transmission and sale of 
electric energy subject to the jurisdiction of the Commission. 
With respect to electricity sales, the Commission will have the 
discretion to make such incentives available for cost-based 
sales, market-based sales, or both. The Commission will ensure 
these incentives do not permit duplicate recovery of 
investments.
    The bill also establishes a grant and technical assistance 
program at DOE to deploy advanced cybersecurity technology on 
the electric systems of utilities that are not regulated by 
FERC, such as cooperatives and municipal utilities, as well as 
small investor-owned utilities that sell less than four million 
megawatt hours of electricity per year.

                          Legislative History

    S. 2556 was introduced by Senators Murkowski, Manchin, 
Risch, Cantwell, and King on September 26, 2019. The 
Subcommittee on Energy held a hearing on S. 2556 on November 6, 
2019.
    The Senate Committee on Energy and Natural Resources met in 
open business session on November 19, 2019, and ordered S. 2556 
favorably reported, as amended.

                        Committee Recommendation

    The Senate Committee on Energy and Natural Resources, in 
open business session on November 19, 2019, by a majority voice 
vote of a quorum present, recommends that the Senate pass S. 
2556, if amended as described herein. Senator Lee asked to be 
recorded as voting no.

                          Committee Amendment

    During its consideration of S. 2556, the Committee adopted 
an amendment in the nature of a substitute.
    The substitute amendment provides that incentives for 
investments in advanced cybersecurity technology will be made 
available by FERC to rates for both the transmission and sale 
of electric energy under its jurisdiction. As introduced, S. 
2556, the PROTECT Act, limited such incentives to transmission 
rates. With respect to rates for electricity sales, the 
Commission will have the discretion to make such incentives 
available for cost-based sales, market-based sales, or both. 
The Commission will ensure these incentives do not permit 
duplicate recovery of investments.
    The substitute amendment also expands the eligibility for 
the Rural and Municipal Utility Advanced Cybersecurity Grant 
and Technical Assistance Program under section 3 to investor-
owned electric utilities that sell less than four million 
megawatt hours of electricity per year.

                      Section-by-Section Analysis


Section 1. Short title

    Section 1 sets forth the short title of the bill.

Section 2. Incentives for Advanced Cybersecurity Technology Investment

    Section 2 amends the FPA by adding a new section 219A, 
titled ``Incentives For Cybersecurity Investments.''
    The new section 219A(a) defines relevant terms.
    The new section 219A(b) directs FERC, in consultation with 
the Secretary of Energy (Secretary), the North American 
Electric Reliability Corporation (NERC), the Electricity 
Subsector Coordinating Council (ESCC), and the National 
Association of Regulatory Utility Commissioners to conduct a 
study to identify incentive-based rate treatments that could be 
used to encourage investments in advanced cybersecurity 
technology or participation in cybersecurity threat information 
sharing programs.
    The new section 219A(c) directs FERC to establish 
incentive-based rates to encourage investments in advanced 
cybersecurity technology and participation in cybersecurity 
threat information sharing programs.
    The new section 219A(d) authorizes FERC to provide greater 
incentives for any investments in advanced cybersecurity 
technology that would reduce cybersecurity risks to defense 
critical electric infrastructure or facilities of small or 
medium-sized utilities with limited cybersecurity resources.
    The new section 219A(e) provides that all rates established 
under section 219A shall be subject to the ratepayer protection 
requirements of sections 205 and 206 of the FPA. It also 
prohibits public utilities from receiving double recovery of 
investments in advanced cybersecurity technology.
    The new section 219A(f) specifies that a public utility may 
apply for incentive-based rate treatment under this section on 
a single-issue basis rather than requiring a full examination 
of a utility's rates normally required by section 205 of the 
FPA.
    The new section 219A(g) states that any information 
concerning advanced cybersecurity technology that is provided 
to, generated by, or collected by the Federal Government under 
this section will be considered critical electric 
infrastructure information under the FPA.

Section 3. Rural and Municipal Utility Advanced Cybersecurity Grant and 
        Technical Assistance Program

    Section 3(a) defines relevant terms.
    Subsection (b) directs the Secretary, in consultation with 
FERC, NERC, and the ESCC to establish a program to provide 
grants and technical assistance to eligible entities to protect 
against, detect, respond to, and recover from cybersecurity 
threats.
    Subsection (c) states that the program's objectives are to 
deploy advanced cybersecurity technology for electric utility 
systems and to increase participation in cybersecurity 
threat information sharing programs.
    Subsection (d) directs the Secretary to award grants and 
provide technical assistance on a competitive basis, develop 
criteria for grant and technical assistance applications, and 
ensure that all eligible entities are informed about 
opportunities to receive grants or technical assistance. The 
subsection also provides that priority for the grants and 
technical assistance will be given to eligible entities with 
limited cybersecurity resources and those that own defense 
critical electric infrastructure or other assets critical to 
grid reliability.
    Subsection (e) provides that information provided to, or 
collected by, the Federal Government under the program shall be 
exempt from public disclosure.
    Subsection (f) authorizes $50 million for each of fiscal 
years 2020 through 2024 to carry out this section.

                   Cost and Budgetary Considerations

    The Congressional Budget Office estimate of the costs of 
this measure has been requested but was not received at the 
time the report was filed. When the Congressional Budget Office 
completes its cost estimate, it will be posted on the internet 
at www.cbo.gov.

                      Regulatory Impact Evaluation

    In compliance with paragraph 11(b) of rule XXVI of the 
Standing Rules of the Senate, the Committee makes the following 
evaluation of the regulatory impact which would be incurred in 
carrying out S. 2556. The bill is not a regulatory measure in 
the sense of imposing Government-established standards or 
significant economic responsibilities on private individuals 
and businesses.
    No personal information would be collected in administering 
the program. Therefore, there would be no impact on personal 
privacy.
    Little, if any, additional paperwork would result from the 
enactment of S. 2556, as ordered reported.

                   Congressionally Directed Spending

    S. 2556, as ordered reported, does not contain any 
congressionally directed spending items, limited tax benefits, 
or limited tariff benefits as defined in rule XLIV of the 
Standing Rules of the Senate.

                        Executive Communications

    The testimony provided by the Department of Energy at the 
November 6, 2019, hearing on S. 2556 follows:

   Testimony of Assistant Secretary Daniel Simmons, Office of Energy 
 Efficiency and Renewable Energy, U.S. Department of Energy, Before the 
Committee on Energy and Natural Resources, Subcommittee on Energy, 
               United States Senate, November 6, 2019


                              Introduction


    Chairman Cassidy, Ranking Member Heinrich, and Members of 
the Energy Subcommittee of the Committee on Energy and Natural 
Resources, thank you for the opportunity to testify today on 
legislation pertinent to the Department of Energy now pending 
in the Senate. My name is Daniel Simmons, and I am the 
Assistant Secretary for the Office of Energy Efficiency and 
Renewable Energy (EERE).
    As the Assistant Secretary, I am responsible for overseeing 
a broad portfolio of energy efficiency and renewable energy 
programs. The technologies in my portfolio advance America's 
economic growth and energy security while enhancing the 
reliability and resilience of the U.S. energy system. The 
Department of Energy supports improving the energy efficiency 
and reducing energy costs, while at the same time ensuring 
important performance standards are met or exceeded. For 
instance, we want to ensure schools and other buildings are 
sufficiently bright to ensure safety, and that water flow from 
faucets is strong enough to clean dirty hands. Today, I would 
like to share what relevant work my office has done and is 
doing in the areas that these bills address.
    I have been asked to testify on eleven (11) bills today, 
addressing a range of important energy issues. The 
Administration continues to review all of these bills. I 
appreciate the ongoing bipartisan efforts to address our 
Nation's energy challenges and I look forward to working with 
the Committee.


                                 Bills


S. 2556--Protecting Resources On The Electric grid with Cybersecurity 
        Technology (PROTECT) Act
    S. 2556, or the PROTECT Act, amends the Federal Power Act 
to provide energy cybersecurity investment incentives and to 
establish a grant and technical assistance program for 
cybersecurity investments. The bill directs FERC to issue a 
rulemaking on rate incentives for advanced cybersecurity 
technology, which will enable and incentivize utilities to 
invest in new technologies that improve their cybersecurity 
defenses. It also establishes a DOE grant program for utilities 
that are not regulated by FERC to deploy advanced cybersecurity 
technology, such as electric cooperatives and municipal 
utilities.
    The Department will continue to review the legislation and 
looks forward to working with Congress as the legislative 
process moves forward.


                               Conclusion


    Thank you again for the opportunity to testify before the 
Subcommittee today. The Department appreciates the ongoing 
bipartisan efforts to address our Nation's energy challenges, 
and looks forward to working with the Committee on the 
legislation on today's agenda and any future legislation. I 
would be happy to answer your questions.

                        Changes in Existing Law

    In compliance with paragraph 12 of rule XXVI of the 
Standing Rules of the Senate, the changes in existing law made 
by S. 2556, as reported, are shown as follows (existing law 
proposed to be omitted is enclosed in black brackets, new 
matter is printed in italic, existing law in which no change is 
proposed is shown in roman):

                           FEDERAL POWER ACT


The Act of June 10, 1920, Chapter 285, as Amended

           *       *       *       *       *       *       *


PART II--REGULATION OF ELECTRIC UTILITY COMPANIES ENGAGED IN INTERSTATE 
COMMERCE

           *       *       *       *       *       *       *



SEC. 219. TRANSMISSION INFRASTRUCTURE INVESTMENT.

    (a) Rulemaking Requirement.--Not later than 1 year after 
the date of enactment of this section, the Commission shall 
establish, by rule, incentive-based (including performance-
based) rate treatments for the transmission of electric energy 
in interstate commerce by public utilities for the purpose of 
benefitting consumers by ensuring reliability and reducing the 
cost of delivered power by reducing transmission congestion.
    (b) Contents.--The rule shall--
          (1) promote reliable and economically efficient 
        transmission and generation of electricity by promoting 
        capital investment in the enlargement, improvement, 
        maintenance, and operation of all facilities for the 
        transmission of electric energy in interstate commerce, 
        regardless of the ownership of the facilities;
          (2) provide a return on equity that attracts new 
        investment in transmission facilities (including 
        related transmission technologies);
          (3) encourage deployment of transmission technologies 
        and other measures to increase the capacity and 
        efficiency of existing transmission facilities and 
        improve the operation of the facilities; and
          (4) allow recovery of--
                  (A) all prudently incurred costs necessary to 
                comply with mandatory reliability standards 
                issued pursuant to section 215; and
                  (B) all prudently incurred costs related to 
                transmission infrastructure development 
                pursuant to section 216.
    (c) Incentives.--In the rule issued under this section, the 
Commission shall, to the extent within its jurisdiction, 
provide for incentives to each transmitting utility or electric 
utility that joins a Transmission Organization. The Commission 
shall ensure that any costs recoverable pursuant to this 
subsection may be recovered by such utility through the 
transmission rates charged by such utility or through the 
transmission rates charged by the Transmission Organization 
that provides transmission service to such utility.
    (d) Just and Reasonable Rates.--All rates approved under 
the rules adopted pursuant to this section, including any 
revisions to the rules, are subject to the requirements of 
sections 205 and 206 that all rates, charges, terms, and 
conditions be just and reasonable and not unduly discriminatory 
or preferential.

SEC. 219A. INCENTIVES FOR CYBERSECURITY INVESTMENTS.

    (a) Definitions.--In this section:
          (1) Advanced cybersecurity technology.--The term 
        `advanced cybersecurity technology' means any 
        technology, operational capability, or service, 
        including computer hardware, software, or a related 
        asset, that enhances the security posture of public 
        utilities through improvements in the ability to 
        protect against, detect, respond to, or recover from a 
        cybersecurity threat (as defined in section 102 of the 
        Cybersecurity Act of 2015 (6 U.S.C. 1501)).
          (2) Advanced cybersecurity technology information.--
        The term `advanced cybersecurity technology 
        information' means information relating to advanced 
        cybersecurity technology or proposed advanced 
        cybersecurity technology that is generated by or 
        provided to the Commission or another Federal agency.
    (b) Study.--Not later than 180 days after the date of 
enactment of this section, the Commission, in consultation with 
the Secretary of Energy, the North American Electric 
Reliability Corporation, the Electricity Subsector Coordinating 
Council, and the National Association of Regulatory Utility 
Commissioners, shall conduct a study to identify incentive-
based, including performance-based, rate treatments for the 
transmission and sale of electric energy subject to the 
jurisdiction of the Commission that could be used to 
encourage--
          (1) investment by public utilities in advanced 
        cybersecurity technology; and
          (2) participation by public utilities in 
        cybersecurity threat information sharing programs.
    (c) Incentive-Based Rate Treatment.--Not later than 1 year 
after the completion of the study under subsection (b), the 
Commission shall establish, by rule, incentive-based, including 
performance-based, rate treatments for the transmission of 
electric energy in interstate commerce and the sale of electric 
energy at wholesale in interstate commerce by public utilities 
for the purpose of benefitting consumers by encouraging--
          (1) investments by public utilities in advanced 
        cybersecurity technology; and
          (2) participation by public utilities in 
        cybersecurity threat information sharing programs.
    (d) Factors for Consideration.--In issuing a rule pursuant 
to this section, the Commission may provide additional 
incentives beyond those identified in subsection (c) in any 
case in which the Commission determines that an investment in 
advanced cybersecurity technology or information sharing 
program costs will reduce cybersecurity risks to--
          (1) defense critical electric infrastructure (as 
        defined in section 215A(a)) and other facilities 
        subject to the jurisdiction of the Commission that are 
        critical to public safety, national defense, or 
        homeland security, as determined by the Commission in 
        consultation with--
                  (A) the Secretary of Energy; and
                  (B) appropriate Federal agencies; and
          (2) facilities of small or medium-sized public 
        utilities with limited cybersecurity resources, as 
        determined by the Commission.
    (e) Ratepayer Protection.--
          (1) In general.--Any rate approved under a rule 
        issued pursuant to this section, including any 
        revisions to that rule, shall be subject to the 
        requirements of sections 205 and 206 that all rates, 
        charges, terms, and conditions--
                  (A) shall be just and reasonable; and
                  (B) shall not be unduly discriminatory or 
                preferential.
          (2) Prohibition of duplicate recovery.--Any rule 
        issued pursuant to this section shall preclude rate 
        treatments that allow unjust and unreasonable double 
        recovery for advanced cybersecurity technology.
    (f) Single-Issue Rate Filings.--The Commission shall permit 
public utilities to apply for incentive-based rate treatment 
under a rule issued under this section on a single-issue basis 
by submitting to the Commission a tariff schedule under section 
205 that permits recovery of costs and incentives over the 
depreciable life of the applicable assets, without regard to 
changes in receipts or other costs of the public utility.
    (g) Protection of Information.--Advanced cybersecurity 
technology information that is provided to, generated by, or 
collected by the Federal Government under subsection (b), (c), 
or (f) shall be considered to be critical electric 
infrastructure information under section 215A.

           *       *       *       *       *       *       *