S. 2333: Energy Cybersecurity Act of 2019

The text of the bill below is as of Jul 30, 2019 (Introduced).


II

116th CONGRESS

1st Session

S. 2333

IN THE SENATE OF THE UNITED STATES

July 30, 2019

(for herself and Mr. Heinrich) introduced the following bill; which was read twice and referred to the Committee on Energy and Natural Resources

A BILL

To provide for enhanced energy grid security.

1.

Short title

This Act may be cited as the Energy Cybersecurity Act of 2019.

2.

Definitions

In this Act:

(1)

Department

The term Department means the Department of Energy.

(2)

Electric utility

The term electric utility has the meaning given the term in section 3 of the Federal Power Act (16 U.S.C. 796).

(3)

ES–ISAC

The term ES–ISAC means the Electricity Sector Information Sharing and Analysis Center.

(4)

National Laboratory

The term National Laboratory has the meaning given the term in section 2 of the Energy Policy Act of 2005 (42 U.S.C. 15801).

(5)

Secretary

The term Secretary means the Secretary of Energy.

3.

Enhanced grid security

(a)

Cybersecurity for the energy sector research, development, and demonstration program

(1)

In general

The Secretary, in consultation with appropriate Federal agencies, the energy sector, the States, and other stakeholders, shall carry out a program—

(A)

to develop advanced cybersecurity applications and technologies for the energy sector—

(i)

to identify and mitigate vulnerabilities, including—

(I)

dependencies on other critical infrastructure; and

(II)

impacts from weather and fuel supply; and

(ii)

to advance the security of field devices and third-party control systems, including—

(I)

systems for generation, transmission, distribution, end use, and market functions;

(II)

specific electric grid elements including advanced metering, demand response, distributed generation, and electricity storage;

(III)

forensic analysis of infected systems; and

(IV)

secure communications;

(B)

to leverage electric grid architecture as a means to assess risks to the energy sector, including by implementing an all-hazards approach to communications infrastructure, control systems architecture, and power systems architecture;

(C)

to perform pilot demonstration projects with the energy sector to gain experience with new technologies; and

(D)

to develop workforce development curricula for energy sector-related cybersecurity.

(2)

Authorization of appropriations

There is authorized to be appropriated to carry out this subsection $65,000,000 for each of fiscal years 2020 through 2028.

(b)

Energy sector component testing for cyberresilience program

(1)

In general

The Secretary shall carry out a program—

(A)

to establish a cybertesting and mitigation program to identify vulnerabilities of energy sector supply chain products to known threats;

(B)

to oversee third-party cybertesting; and

(C)

to develop procurement guidelines for energy sector supply chain components.

(2)

Authorization of appropriations

There is authorized to be appropriated to carry out this subsection $15,000,000 for each of fiscal years 2020 through 2028.

(c)

Energy sector operational support for cyberresilience program

(1)

In general

The Secretary may carry out a program—

(A)

to enhance and periodically test—

(i)

the emergency response capabilities of the Department; and

(ii)

the coordination of the Department with other agencies, the National Laboratories, and private industry;

(B)

to expand cooperation of the Department with the intelligence communities for energy sector-related threat collection and analysis;

(C)

to enhance the tools of the Department and ES–ISAC for monitoring the status of the energy sector;

(D)

to expand industry participation in ES–ISAC; and

(E)

to provide technical assistance to small electric utilities for purposes of assessing cybermaturity level.

(2)

Authorization of appropriations

There is authorized to be appropriated to carry out this subsection $10,000,000 for each of fiscal years 2020 through 2028.

(d)

Modeling and assessing energy infrastructure risk

(1)

In general

The Secretary shall develop an advanced energy security program to secure energy networks, including electric, natural gas, and oil exploration, transmission, and delivery.

(2)

Security and resiliency objective

The objective of the program developed under paragraph (1) is to increase the functional preservation of the electric grid operations or natural gas and oil operations in the face of natural and human-made threats and hazards, including electric magnetic pulse and geomagnetic disturbances.

(3)

Eligible activities

In carrying out the program developed under paragraph (1), the Secretary may—

(A)

develop capabilities to identify vulnerabilities and critical components that pose major risks to grid security if destroyed or impaired;

(B)

provide modeling at the national level to predict impacts from natural or human-made events;

(C)

develop a maturity model for physical security and cybersecurity;

(D)

conduct exercises and assessments to identify and mitigate vulnerabilities to the electric grid, including providing mitigation recommendations;

(E)

conduct research hardening solutions for critical components of the electric grid;

(F)

conduct research mitigation and recovery solutions for critical components of the electric grid; and

(G)

provide technical assistance to States and other entities for standards and risk analysis.

(4)

Authorization of appropriations

There is authorized to be appropriated to carry out this subsection $10,000,000 for each of fiscal years 2020 through 2028.

(e)

Leveraging existing programs

The programs established under this section shall be carried out consistent with—

(1)

the report of the Department entitled Roadmap to Achieve Energy Delivery Systems Cybersecurity and dated 2011;

(2)

existing programs of the Department; and

(3)

any associated strategic framework that links together academic and National Laboratory researchers, electric utilities, manufacturers, and any other relevant private industry organizations, including the Electricity Sub-sector Coordinating Council.

(f)

Study

(1)

In general

Not later than 180 days after the date of enactment of this Act, the Secretary, in consultation with the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation, shall conduct a study to explore alternative management structures and funding mechanisms to expand industry membership and participation in ES–ISAC.

(2)

Report

The Secretary shall submit to the appropriate committees of Congress a report describing the results of the study conducted under paragraph (1).