skip to main content

H.R. 2402 (114th): Protecting Critical Infrastructure Act

The text of the bill below is as of May 18, 2015 (Introduced).


I

114th CONGRESS

1st Session

H. R. 2402

IN THE HOUSE OF REPRESENTATIVES

May 18, 2015

(for herself and Mr. Gowdy) introduced the following bill; which was referred to the Committee on Energy and Commerce

A BILL

To amend the Federal Power Act to prohibit the public disclosure of protected information, and for other purposes.

1.

Short title

This Act may be cited as the Protecting Critical Infrastructure Act.

2.

Protection of information

(a)

In general

Part II of the Federal Power Act (16 U.S.C. 824 et seq.) is amended by adding after section 215 the following new section:

215A.

Protection of information

(a)

Protection of information

(1)

Prohibition of public disclosure of protected electric security information

Protected electric security information—

(A)

shall be exempt from disclosure under section 552(b)(3) of title 5, United States Code; and

(B)

shall not be made available by any State, local, or tribal authority pursuant to any State, local, or tribal law requiring disclosure of information or records.

(2)

Information sharing

(A)

In general

The Commission shall promulgate such regulations and issue such orders as necessary to designate protected electric security information and to prohibit the unauthorized disclosure of such protected electric security information.

(B)

Sharing of protected electric security information

The regulations promulgated and orders issued pursuant to subparagraph (A) shall provide standards for and authorize the appropriate voluntary sharing of protected electric security information with, between, and by Federal, State, local, and tribal authorities, the Electric Reliability Organization, regional entities, Information Sharing and Analysis Centers established pursuant to Presidential Decision Directive 63, owners, operators, and users of the bulk-power system in the United States, and other entities determined appropriate by the Commission. In promulgating such regulations and issuing such orders, the Commission shall take account of the role of State commissions in reviewing the prudence and cost of investments, determining the rates and terms of conditions for electric services, and ensuring the safety and reliability of the bulk-power system and distribution facilities within their respective jurisdictions. In promulgating such regulations and issuing such orders, the Commission may take into consideration the Controlled Unclassified Information framework established by the President. The Commission shall consult, as appropriate, with Canadian and Mexican authorities to develop protocols for the voluntary sharing of protected electric security information with, between, and by appropriate Canadian and Mexican authorities and owners, operators, and users of the bulk-power system outside the United States.

(3)

No required sharing of information

Nothing in this section shall require a person or entity in possession of protected electric security information to share such information with Federal, State, local, or tribal authorities, or any other person or entity.

(4)

Submission of information to Congress

Nothing in this section shall permit or authorize the withholding of information from Congress, any committee or subcommittee thereof, or the Comptroller General.

(5)

Disclosure of non-protected information

In implementing this section, the Commission shall protect from disclosure only the minimum amount of information necessary to protect the security and reliability of the bulk-power system and distribution facilities. The Commission shall segregate protected electric security information within documents and electronic communications, wherever feasible, to facilitate disclosure of information that is not designated as protected electric security information.

(6)

Duration of designation

Information may not be designated as protected electric security information for longer than 5 years, unless specifically redesignated by the Commission.

(7)

Removal of designation

The Commission shall remove the designation of protected electric security information, in whole or in part, from a document or electronic communication if the Commission determines that the unauthorized disclosure of such information could no longer be used to impair the security or reliability of the bulk-power system or distribution facilities.

(8)

Judicial review of designations

Notwithstanding section 313(b), any determination by the Commission concerning the designation of protected electric security information under this subsection shall be subject to review under chapter 7 of title 5, except that such review shall be brought in the district court of the United States in the district in which the complainant resides, or has his principal place of business, or in the District of Columbia. In such a case the court shall examine in camera the contents of documents or electronic communications that are the subject of the determination under review to determine whether such documents or any part thereof were improperly designated or not designated as protected electric security information.

(b)

Definitions

For purposes of this section:

(1)

Bulk-power system; electric Reliability Organization; regional entity

The terms bulk-power system, Electric Reliability Organization, and regional entity have the meanings given such terms in section 215.

(2)

Distribution facilities

The term distribution facilities means facilities used in the local distribution of electric energy.

(3)

Electromagnetic pulse

The term electromagnetic pulse means one or more pulses of electromagnetic energy emitted by a device capable of disabling, disrupting, or destroying electronic equipment by means of such a pulse.

(4)

Grid security threat

The term grid security threat means a substantial likelihood of—

(A)
(i)

a malicious act using electronic communication or an electromagnetic pulse that could disrupt the operation of those electronic devices or communications networks, including hardware, software, and data, that are essential to the security or reliability of the bulk-power system; and

(ii)

disruption of the operation of such devices or networks, with significant adverse effects on the security or reliability of the bulk-power system, as a result of such act or event; or

(B)
(i)

a direct physical attack on, or intentional interference with, the bulk-power system; and

(ii)

significant adverse effects on the security or reliability of the bulk-power system as a result of such physical attack or interference.

(5)

Grid security vulnerability

The term grid security vulnerability means a weakness in the bulk-power system that, in the event of—

(A)

a malicious act using electronic communication or an electromagnetic pulse, would pose a substantial risk of disruption to the operation of those electronic devices or communications networks, including hardware, software, data, and facilities, that are essential to the security or reliability of the bulk-power system; or

(B)

a direct physical attack, or intentional interference with, the bulk-power system, would pose a substantial risk of significant adverse effects on the security or reliability of the bulk-power system.

(6)

Protected electric security information

The term protected electric security information

(A)

means information generated by or provided to the Commission, other than classified national security information, that is designated as protected electric security information by the Commission under subsection (a)(2)—

(i)

that specifically discusses or identifies grid security threats, grid security vulnerabilities, or plans, procedures, or measures to address such threats or vulnerabilities; and

(ii)

the unauthorized disclosure of which could be used in a malicious manner to impair, attack, or interfere with the security or reliability of the bulk-power system or distribution facilities; and

(B)

includes data, modeling, or representations related to grid security that could be used to generate information described in subparagraph (A).

(7)

Security

The definition of security in section 3(16) shall not apply to the provisions in this section.

.

(b)

Conforming amendments

(1)

Jurisdiction

Section 201(b)(2) of the Federal Power Act (16 U.S.C. 824(b)(2)) is amended by inserting 215A, after 215, each place it appears.

(2)

Public utility

Section 201(e) of the Federal Power Act (16 U.S.C. 824(e)) is amended by inserting 215A, after 215,.