H. R. 2402
IN THE HOUSE OF REPRESENTATIVES
May 18, 2015
Ms. Lofgren (for herself and Mr. Gowdy) introduced the following bill; which was referred to the Committee on Energy and Commerce
To amend the Federal Power Act to prohibit the public disclosure of protected information, and for other purposes.
This Act may be cited as the
Protecting Critical Infrastructure Act.
Protection of information
Part II of the Federal Power Act (16 U.S.C. 824 et seq.) is amended by adding after section 215 the following new section:
Protection of information
Protection of information
Prohibition of public disclosure of protected electric security information
Protected electric security information—
shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and
shall not be made available by any State, local, or tribal authority pursuant to any State, local, or tribal law requiring disclosure of information or records.
The Commission shall promulgate such regulations and issue such orders as necessary to designate protected electric security information and to prohibit the unauthorized disclosure of such protected electric security information.
Sharing of protected electric security information
The regulations promulgated and orders issued pursuant to subparagraph (A) shall provide standards for and authorize the appropriate voluntary sharing of protected electric security information with, between, and by Federal, State, local, and tribal authorities, the Electric Reliability Organization, regional entities, Information Sharing and Analysis Centers established pursuant to Presidential Decision Directive 63, owners, operators, and users of the bulk-power system in the United States, and other entities determined appropriate by the Commission. In promulgating such regulations and issuing such orders, the Commission shall take account of the role of State commissions in reviewing the prudence and cost of investments, determining the rates and terms of conditions for electric services, and ensuring the safety and reliability of the bulk-power system and distribution facilities within their respective jurisdictions. In promulgating such regulations and issuing such orders, the Commission may take into consideration the Controlled Unclassified Information framework established by the President. The Commission shall consult, as appropriate, with Canadian and Mexican authorities to develop protocols for the voluntary sharing of protected electric security information with, between, and by appropriate Canadian and Mexican authorities and owners, operators, and users of the bulk-power system outside the United States.
No required sharing of information
Nothing in this section shall require a person or entity in possession of protected electric security information to share such information with Federal, State, local, or tribal authorities, or any other person or entity.
Submission of information to Congress
Nothing in this section shall permit or authorize the withholding of information from Congress, any committee or subcommittee thereof, or the Comptroller General.
Disclosure of non-protected information
In implementing this section, the Commission shall protect from disclosure only the minimum amount of information necessary to protect the security and reliability of the bulk-power system and distribution facilities. The Commission shall segregate protected electric security information within documents and electronic communications, wherever feasible, to facilitate disclosure of information that is not designated as protected electric security information.
Duration of designation
Information may not be designated as protected electric security information for longer than 5 years, unless specifically redesignated by the Commission.
Removal of designation
The Commission shall remove the designation of protected electric security information, in whole or in part, from a document or electronic communication if the Commission determines that the unauthorized disclosure of such information could no longer be used to impair the security or reliability of the bulk-power system or distribution facilities.
Judicial review of designations
Notwithstanding section 313(b), any determination by the Commission concerning the designation of protected electric security information under this subsection shall be subject to review under chapter 7 of title 5, except that such review shall be brought in the district court of the United States in the district in which the complainant resides, or has his principal place of business, or in the District of Columbia. In such a case the court shall examine in camera the contents of documents or electronic communications that are the subject of the determination under review to determine whether such documents or any part thereof were improperly designated or not designated as protected electric security information.
For purposes of this section:
Bulk-power system; electric Reliability Organization; regional entity
The terms bulk-power system, Electric Reliability Organization, and regional entity have the meanings given such terms in section 215.
The term distribution facilities means facilities used in the local distribution of electric energy.
The term electromagnetic pulse means one or more pulses of electromagnetic energy emitted by a device capable of disabling, disrupting, or destroying electronic equipment by means of such a pulse.
Grid security threat
The term grid security threat means a substantial likelihood of—
a malicious act using electronic communication or an electromagnetic pulse that could disrupt the operation of those electronic devices or communications networks, including hardware, software, and data, that are essential to the security or reliability of the bulk-power system; and
disruption of the operation of such devices or networks, with significant adverse effects on the security or reliability of the bulk-power system, as a result of such act or event; or
a direct physical attack on, or intentional interference with, the bulk-power system; and
significant adverse effects on the security or reliability of the bulk-power system as a result of such physical attack or interference.
Grid security vulnerability
The term grid security vulnerability means a weakness in the bulk-power system that, in the event of—
a malicious act using electronic communication or an electromagnetic pulse, would pose a substantial risk of disruption to the operation of those electronic devices or communications networks, including hardware, software, data, and facilities, that are essential to the security or reliability of the bulk-power system; or
a direct physical attack, or intentional interference with, the bulk-power system, would pose a substantial risk of significant adverse effects on the security or reliability of the bulk-power system.
Protected electric security information
The term protected electric security information—
means information generated by or provided to the Commission, other than classified national security information, that is designated as protected electric security information by the Commission under subsection (a)(2)—
that specifically discusses or identifies grid security threats, grid security vulnerabilities, or plans, procedures, or measures to address such threats or vulnerabilities; and
the unauthorized disclosure of which could be used in a malicious manner to impair, attack, or interfere with the security or reliability of the bulk-power system or distribution facilities; and
includes data, modeling, or representations related to grid security that could be used to generate information described in subparagraph (A).
The definition of
security in section 3(16) shall not apply to the provisions in this section.
Section 201(b)(2) of the Federal Power Act (16 U.S.C. 824(b)(2)) is amended by inserting
215, each place it appears.
Section 201(e) of the Federal Power Act (16 U.S.C. 824(e)) is amended by inserting