Enhanced Grid Security Act of 2015
This bill designates the Department of Energy (DOE) as the lead Sector-Specific Agency for cybersecurity for the energy sector (this action comports with the presidential policy directive entitled "Critical Infrastructure Security and Resilience" dated February 12, 2013).
DOE shall:
DOE shall also implement within the energy sector cybertesting and cyberresilience programs that target:
DOE must develop an advanced energy security program that secures diverse energy networks in order to increase the functional preservation of the electric grid operations or natural gas and oil operations in the face of natural and human-made threats and hazards, including electric magnetic pulse and geomagnetic disturbances.
DOE shall study alternative management structures and funding mechanisms to expand industry membership and participation in ES-ISAC.
[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 1241 Introduced in Senate (IS)]
114th CONGRESS
1st Session
S. 1241
To provide for the modernization, security, and resiliency of the
electric grid, to require the Secretary of Energy to carry out programs
for research, development, demonstration, and information-sharing for
cybersecurity for the energy sector, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
May 7, 2015
Ms. Cantwell introduced the following bill; which was read twice and
referred to the Committee on Energy and Natural Resources
_______________________________________________________________________
A BILL
To provide for the modernization, security, and resiliency of the
electric grid, to require the Secretary of Energy to carry out programs
for research, development, demonstration, and information-sharing for
cybersecurity for the energy sector, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Enhanced Grid Security Act of
2015''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Department.--The term ``Department'' means the
Department of Energy.
(2) Electric utility.--The term ``electric utility'' has
the meaning given the term in section 3 of the Federal Power
Act (16 U.S.C. 796).
(3) ES-ISAC.--The term ``ES-ISAC'' means the Electricity
Sector Information Sharing and Analysis Center.
(4) National laboratory.--The term ``National Laboratory''
has the meaning given the term in section 2 of the Energy
Policy Act of 2005 (42 U.S.C. 15801).
(5) Secretary.--The term ``Secretary'' means the Secretary
of Energy.
(6) Sector-specific agency.--The term ``Sector-Specific
Agency'' has the meaning given the term in the Presidential
policy directive entitled ``Critical Infrastructure Security
and Resilience'', numbered 21, and dated February 12, 2013.
SEC. 3. DESIGNATION OF DEPARTMENT OF ENERGY AS SECTOR-SPECIFIC AGENCY
FOR CYBERSECURITY FOR THE ENERGY SECTOR.
In accordance with the Presidential policy directive entitled
``Critical Infrastructure Security and Resilience'', numbered 21, and
dated February 12, 2013, and this Act, the Department shall be the lead
Sector-Specific Agency for cybersecurity for the energy sector.
SEC. 4. CYBERSECURITY FOR THE ENERGY SECTOR RESEARCH, DEVELOPMENT, AND
DEMONSTRATION PROGRAM.
The Secretary, in consultation with appropriate Federal agencies,
the energy sector, the States, and other stakeholders, shall carry out
a program--
(1) to develop advanced cybersecurity applications and
technologies for the energy sector--
(A) to identify and mitigate vulnerabilities,
including--
(i) dependencies on other critical
infrastructure; and
(ii) impacts from weather, climate change,
and fuel supply; and
(B) to advance the security of field devices and
third-party control systems, including--
(i) systems for generation, transmission,
distribution, end use, and market functions;
(ii) specific electric grid elements
including advanced metering, demand response,
distributed generation, and electricity
storage;
(iii) forensic analysis of infected
systems; and
(iv) secure communications;
(2) to leverage electric grid architecture as a means to
assess risks to the energy sector, including by implementing an
all-hazards approach to communications infrastructure, control
systems architecture, and power systems architecture;
(3) to perform pilot demonstration projects with the energy
sector to gain experience with new technologies; and
(4) to develop workforce development curricula for energy
sector-related cybersecurity.
SEC. 5. ENERGY SECTOR COMPONENT TESTING FOR CYBERRESILIENCE PROGRAM.
The Secretary shall carry out a program--
(1) to establish a cybertesting and mitigation program to
identify vulnerabilities of energy sector supply chain products
to known threats;
(2) to oversee third-party cybertesting; and
(3) to develop procurement guidelines for energy sector
supply chain components.
SEC. 6. ENERGY SECTOR OPERATIONAL SUPPORT FOR CYBERRESILIENCE PROGRAM.
The Secretary shall carry out a program--
(1) to enhance and periodically test--
(A) the emergency response capabilities of the
Department; and
(B) the coordination of the Department with other
agencies, the National Laboratories, and private
industry;
(2) to expand cooperation of the Department with the
intelligence communities for energy sector-related threat
collection and analysis;
(3) to enhance the tools of the Department and ES-ISAC for
monitoring the status of the energy sector;
(4) to expand industry participation in ES-ISAC; and
(5) to provide technical assistance to small electric
utilities for purposes of assessing cybermaturity posture.
SEC. 7. MODELING AND ASSESSING ENERGY INFRASTRUCTURE RISK.
(a) In General.--The Secretary shall develop an advanced energy
security program to secure energy networks, including electric, natural
gas, and oil exploration, transmission, and delivery.
(b) Security and Resiliency Objective.--The objective of the
program developed under subsection (a) is to increase the functional
preservation of the electric grid operations or natural gas and oil
operations in the face of natural and human-made threats and hazards,
including electric magnetic pulse and geomagnetic disturbances.
(c) Eligible Activities.--In carrying out the program developed
under subsection (a), the Secretary may--
(1) develop capabilities to identify vulnerabilities and
critical components that pose major risks to grid security if
destroyed or impaired;
(2) provide modeling at the national level to predict
impacts from natural or human-made events;
(3) develop a maturity model for physical security and
cybersecurity;
(4) conduct exercises and assessments to identify and
mitigate vulnerabilities to the electric grid, including
providing mitigation recommendations;
(5) conduct research hardening solutions for critical
components of the electric grid;
(6) conduct research mitigation and recovery solutions for
critical components of the electric grid; and
(7) provide technical assistance to States and other
entities for standards and risk analysis.
SEC. 8. LEVERAGING EXISTING PROGRAMS.
The programs established under this Act shall be carried out
consistent with--
(1) the report of the Department entitled ``Roadmap to
Achieve Energy Delivery Systems Cybersecurity'' and dated 2011;
(2) existing programs of the Department; and
(3) any associated strategic framework that links together
academic and National Laboratory researchers, electric
utilities, manufacturers, and any other relevant private
industry organizations.
SEC. 9. STUDY.
(a) In General.--Not later than 180 days after the date of
enactment of this Act, the Secretary, in consultation with the Federal
Energy Regulatory Commission and the North American Electric
Reliability Corporation, shall conduct a study to explore alternative
management structures and funding mechanisms to expand industry
membership and participation in ES-ISAC.
(b) Report.--The Secretary shall submit to the appropriate
committees of Congress a report describing the results of the study
conducted under subsection (a).
SEC. 10. AUTHORIZATION OF APPROPRIATIONS.
There is authorized to be appropriated to carry out this Act
$100,000,000 for each of fiscal years 2017 through 2022.
<all>
Introduced in Senate
Introduced in Senate
Read twice and referred to the Committee on Energy and Natural Resources.
Committee on Energy and Natural Resources. Hearings held. Hearings printed: S.Hrg. 114-344.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line