Securing Energy Infrastructure Act of 2017
This bill establishes a two-year pilot program within the Department of Energy's (DOE) national laboratories to (1) identify the security vulnerabilities of certain entities in the energy sector; and (2) research, develop, test, and implement technology that can be used to isolate the most critical systems of such entities from cyberattacks.
The bill also directs the Director of Intelligence and Counterintelligence of DOE to establish a working group to evaluate the technology solutions proposed by the national laboratories and to develop a national strategy to isolate the energy grid from attacks.
[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3958 Introduced in House (IH)]
<DOC>
115th CONGRESS
1st Session
H. R. 3958
To establish a pilot program on securing energy infrastructure, and for
other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
October 4, 2017
Mr. Ruppersberger (for himself and Mr. Carter of Texas) introduced the
following bill; which was referred to the Committee on Science, Space,
and Technology
_______________________________________________________________________
A BILL
To establish a pilot program on securing energy infrastructure, and for
other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Securing Energy Infrastructure Act
of 2017''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Covered entity.--The term ``covered entity'' means an
entity identified pursuant to section 9(a) of Executive Order
13636 of February 12, 2013 (78 Fed. Reg. 11742) relating to
identification of critical infrastructure where a cybersecurity
incident could reasonably result in catastrophic regional or
national effects on public health or safety, economic security,
or national security.
(2) Director.--Except as otherwise specifically provided,
the term ``Director'' means the Director of Intelligence and
Counterintelligence of the Department of Energy.
(3) Exploit.--The term ``exploit'' means a software tool
designed to take advantage of a security vulnerability.
(4) Industrial control system.--
(A) In general.--The term ``industrial control
system'' means an operational technology used to
measure, control, or manage industrial functions.
(B) Inclusions.--The term ``industrial control
system'' includes supervisory control and data
acquisition systems, distributed control systems, and
programmable logic or embedded controllers.
(5) National laboratory.--The term ``National Laboratory''
has the meaning given the term in section 2 of the Energy
Policy Act of 2005 (42 U.S.C. 15801).
(6) Program.--The term ``Program'' means the pilot program
established under section 3.
(7) Security vulnerability.--The term ``security
vulnerability'' means any attribute of hardware, software,
process, or procedure that could enable or facilitate the
defeat of a security control.
SEC. 3. PILOT PROGRAM FOR SECURING ENERGY INFRASTRUCTURE.
Not later than 180 days after the date of enactment of this Act,
the Director shall establish a 2-year control systems implementation
pilot program within the National Laboratories for the purposes of--
(1) partnering with covered entities in the energy sector
(including critical component manufacturers in the supply
chain) that voluntarily participate in the Program to identify
new classes of security vulnerabilities of the covered
entities; and
(2) researching, developing, testing, and implementing
technology platforms and standards, in partnership with covered
entities, to isolate and defend industrial control systems of
covered entities from security vulnerabilities and exploits in
the most critical systems of the covered entities, including--
(A) analog and nondigital control systems;
(B) purpose-built control systems; and
(C) physical controls.
SEC. 4. WORKING GROUP TO EVALUATE PROGRAM STANDARDS AND DEVELOP
STRATEGY.
(a) Establishment.--The Director shall establish a working group--
(1) to evaluate the technology platforms and standards used
in the Program under section 3(2); and
(2) to develop a national cyber-informed engineering
strategy to isolate and defend covered entities from security
vulnerabilities and exploits in the most critical systems of
the covered entities.
(b) Membership.--The working group established under subsection (a)
shall be composed of not fewer than 10 members, to be appointed by the
Director, at least 1 member of which shall represent each of the
following:
(1) The Department of Energy.
(2) The energy industry, including electric utilities and
manufacturers recommended by the Energy Sector coordinating
councils.
(3)(A) The Department of Homeland Security; or
(B) the Industrial Control Systems Cyber Emergency Response
Team.
(4) The North American Electric Reliability Corporation.
(5) The Nuclear Regulatory Commission.
(6)(A) The Office of the Director of National Intelligence;
or
(B) the intelligence community (as defined in section 3 of
the National Security Act of 1947 (50 U.S.C. 3003)).
(7)(A) The Department of Defense; or
(B) the Assistant Secretary of Defense for Homeland
Security and America's Security Affairs.
(8) A State or regional energy agency.
(9) A national research body or academic institution.
(10) The National Laboratories.
SEC. 5. REPORTS ON THE PROGRAM.
(a) Interim Report.--Not later than 180 days after the date on
which funds are first disbursed under the Program, the Director shall
submit to the appropriate committees of Congress an interim report
that--
(1) describes the results of the Program;
(2) includes an analysis of the feasibility of each method
studied under the Program; and
(3) describes the results of the evaluations conducted by
the working group established under section 4(a).
(b) Final Report.--Not later than 2 years after the date on which
funds are first disbursed under the Program, the Director shall submit
to the appropriate committees of Congress a final report that--
(1) describes the results of the Program;
(2) includes an analysis of the feasibility of each method
studied under the Program; and
(3) describes the results of the evaluations conducted by
the working group established under section 4(a).
(c) Appropriate Committees of Congress Defined.--In this section,
the term ``appropriate committees of Congress'' means--
(1) the congressional intelligence committees;
(2) the Committee on Energy and Natural Resources of the
Senate; and
(3) the Committee on Energy and Commerce of the House of
Representatives.
SEC. 6. NO NEW REGULATORY AUTHORITY FOR FEDERAL AGENCIES.
Nothing in this Act authorizes the Director or the head of any
other Federal agency to issue new regulations.
SEC. 7. EXEMPTION FROM DISCLOSURE.
Information shared by or with the Federal Government or a State,
tribal, or local government under this Act shall be--
(1) deemed to be voluntarily shared information; and
(2) exempt from disclosure under any provision of Federal,
State, tribal, or local freedom of information law, open
government law, open meetings law, open records law, sunshine
law, or similar law requiring the disclosure of information or
records.
SEC. 8. PROTECTION FROM LIABILITY.
(a) In General.--A cause of action against a covered entity for
engaging in the voluntary activities authorized under section 3--
(1) shall not lie or be maintained in any court; and
(2) shall be promptly dismissed by the applicable court.
(b) Voluntary Activities.--Nothing in this Act subjects any covered
entity to liability for not engaging in the voluntary activities
authorized under section 3.
SEC. 9. AUTHORIZATION OF APPROPRIATIONS.
(a) Pilot Program.--There is authorized to be appropriated
$10,000,000 to carry out section 3.
(b) Working Group and Report.--There is authorized to be
appropriated $1,500,000 to carry out sections 4 and 5.
(c) Availability.--Amounts made available under subsections (a) and
(b) shall remain available until expended.
<all>
Introduced in House
Introduced in House
Referred to the House Committee on Science, Space, and Technology.
Referred to the Subcommittee on Energy.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line