[Senate Report 116-147]
[From the U.S. Government Publishing Office]


                                                       Calendar No. 267
116th Congress  }                                            {   Report
                                 SENATE
 1st Session    }                                            {  116-147

======================================================================



 
    ENHANCING GRID SECURITY THROUGH PUBLIC-PRIVATE PARTNERSHIPS ACT

                                _______
                                

                October 24, 2019.--Ordered to be printed

                                _______
                                

        Ms. Murkowski, from the Committee on Energy and Natural 
                   Resources, submitted the following

                              R E P O R T

                         [To accompany S. 2095]

    The Committee on Energy and Natural Resources, to which was 
referred the bill (S. 2095) to provide for certain programs and 
developments in the Department of Energy concerning the 
cybersecurity and vulnerabilities of, and physical threats to, 
the electric grid, and for other purposes, having considered 
the same, reports favorably thereon without amendment and 
recommends that the bill do pass.

                                PURPOSE

    The purpose of S. 2095 is to provide for certain programs 
and developments in the Department of Energy (DOE) concerning 
the cybersecurity and vulnerabilities of, and physical threats 
to, the electric grid.

                          BACKGROUND AND NEED

    The United States' electric grid is comprised of a vast 
network of transmission and distribution systems that deliver 
electricity from producers to consumer homes and businesses. 
Many sectors of our economy, including healthcare and 
manufacturing, simply cannot operate without a reliable supply 
of electricity. As advances in digital and information 
technology continue to electrify our daily lives, our exposure 
to a potentially devastating cyber or physical attack on the 
grid increases.
    A number of federal agencies are responsible for protecting 
our electric grid from physical and cyber threats, including 
DOE and the Federal Energy Regulatory Commission (FERC). DOE 
works closely with electric sector owners and operators to 
detect and mitigate risks to critical electric infrastructure, 
and to develop tools and other resources to assist the sector 
in evaluating and improving their security preparedness. With 
the enactment of the Fixing America's Surface Transportation 
Act (Public Law 114-94) in 2015, Congress codified DOE as the 
Sector-Specific Agency for cybersecurity for the energy sector.
    With respect to FERC, the Energy Policy Act of 2005 (Public 
Law 109-58) created the Electric Reliability Organization (ERO) 
to develop mandatory reliability standards for the electric 
transmission system, including physical and cybersecurity 
standards. The law tasked FERC with approving and enforcing 
these mandatory standards--violations of which that can result 
in penalties of up to $1 million per violation per day.
    S. 2095 would facilitate and strengthen public-private 
partnerships to promote and advance the physical and cyber 
security of electric utilities. Specifically, S. 2095 would 
require DOE to consult with the electric industry and the ERO 
to carry out a program to assess the security of the grid, 
conduct cybersecurity training, advance supply chain 
cybersecurity, and share best practices.
    S. 2095 would also require DOE to submit a report to 
Congress on the physical and cyber threat vulnerabilities of 
the distribution system, which is not subject to the ERO's 
mandatory standards.

                          LEGISLATIVE HISTORY

    S. 2095 was introduced by Senators Gardner and Bennet on 
July 11, 2019. The Subcommittee on Energy held a hearing on the 
measure on September 11, 2019.
    Similar legislation, H.R. 359, was introduced in the House 
of Representatives by Representatives McNerney (D-CA) and Latta 
(R-OH) on January 9, 2019. H.R. 359 was referred to the Energy 
and Commerce Committee, which favorably reported the measure by 
voice vote on July 17, 2019.
    In the 115th Congress, Senators Gardner and Bennet 
introduced similar legislation, S. 3677, on November 29, 2018.
    H.R. 5240, was introduced in the House of Representatives 
by Representatives McNerney (D-CA) and Latta (R-OH) on March 9, 
2018. H.R. 5240 was referred to the Energy and Commerce 
Committee which favorably reported the measure by voice vote on 
June 28, 2018.
    The Senate Committee on Energy and Natural Resources met in 
open business session on September 25, 2019, and ordered S. 
2095 favorably reported.

                        COMMITTEE RECOMMENDATION

    The Senate Committee on Energy and Natural Resources, in 
open business session on September 25, 2019, by a majority 
voice vote of a quorum present, recommends that the Senate pass 
S. 2095.

                      SECTION-BY-SECTION ANALYSIS

Section 1. Short title

    Section 1 sets forth the short title of the bill.

Sec. 2. Definitions

    Section 2 provides key definitions.

Sec. 3. Program to promote and advance physical security and 
        cybersecurity of electric utilities

    Section 3(a) requires the Secretary, in consultation with 
State regulatory authorities, industry, the ERO, and other 
relevant Federal agencies, to carry out a program to promote 
and advance the physical security and cybersecurity of electric 
vehicles. The section specifies that the program is to develop 
and provide for the voluntary implementation of methods for 
assessing the physical and cybersecurity of electric utilities; 
assist with threat assessment and cybersecurity training; 
provide technical assistance; provide training for 
cybersecurity supply chain management risks; advance the 
cybersecurity of third-party vendors; and increase 
opportunities for sharing best practices and collecting data 
within the electric sector.
    Subsection (b) directs the Secretary to take into 
consideration the different sizes and regions of electric 
utilities and requires the Secretary to prioritize those 
electric utilities with fewer available resources. This 
subsection further requires the Secretary to use existing 
programs at DOE or other Federal agencies to the maximum extent 
practicable.
    Subsection (c) protects information provided to or 
collected by the Federal government under this section by 
exempting such information from Federal, State, and Tribal 
public information disclosure laws.

Sec. 4. Report on cybersecurity and distribution systems

    Section 4(a) requires the Secretary, in consultation with 
State regulatory authorities, industry, and other relevant 
Federal agencies, to submit a report to Congress that assesses 
priorities, policies, procedures, and actions for enhancing the 
physical security and cybersecurity of electricity distribution 
systems, and their implementation.
    Subsection (b) protects information provided to or 
collected by the Federal government under this section by 
exempting such information from Federal, State, and Tribal 
public information disclosure laws.

                   COST AND BUDGETARY CONSIDERATIONS

    The Congressional Budget Office estimate of the costs of 
this measure has been requested but was not received at the 
time the report was filed. When the Congressional Budget Office 
completes its cost estimate, it will be posted on the internet 
at www.cbo.gov.

                      REGULATORY IMPACT EVALUATION

    In compliance with paragraph 11(b) of rule XXVI of the 
Standing Rules of the Senate, the Committee makes the following 
evaluation of the regulatory impact which would be incurred in 
carrying out S. 2095. The bill is not a regulatory measure in 
the sense of imposing Government-established standards or 
significant economic responsibilities on private individuals 
and businesses.
    No personal information would be collected in administering 
the program. Therefore, there would be no impact on personal 
privacy.
    Little, if any, additional paperwork would result from the 
enactment of S. 2095, as ordered reported.

                   CONGRESSIONALLY DIRECTED SPENDING

    S. 2095, as ordered reported, does not contain any 
congressionally directed spending items, limited tax benefits, 
or limited tariff benefits as defined in rule XLIV of the 
Standing Rules of the Senate.

                        EXECUTIVE COMMUNICATIONS

    The testimony provided by the Department of Energy at the 
September 11, 2019, hearing on S. 2095 follows:

Testimony of Under Secretary of Energy Mark W. Menezes, U.S. Department 
                               of Energy


                              introduction


    Chairman Cassidy, Ranking Member Heinrich, and Members of 
the Subcommittee, it is a privilege and an honor to serve at 
the Department of Energy (DOE or the Department), which is 
tasked with, among other important responsibilities: overseeing 
the Nation's nuclear energy research and development programs; 
creating and sustaining American leadership in the transition 
to a global clean energy economy; working effectively with the 
States on our Nation's energy challenges; and supporting our 
current, and developing our Nation's future, energy workforce. 
Thank you for the opportunity to testify today on behalf of the 
Department regarding legislation pertinent to DOE that is now 
pending in the Senate.
    I have been asked to testify on nine (9) bills today. The 
Administration continues to review all of these bills. I 
appreciate the ongoing bipartisan efforts to address our 
Nation's energy challenges and I look forward to working with 
the Committee.


                      interactions with the states


    DOE has a long and successful history of working with 
States on the Nation's most significant energy challenges. DOE 
has provided support for State and local governments to develop 
and refine energy assurance plans, build in-house expertise on 
infrastructure interdependencies (i.e., other critical 
infrastructure systems' reliance on electricity for operations) 
and vulnerabilities, integrate renewable energy, address 
challenges associated with premature nuclear power plant 
retirements and opportunities associated with advanced nuclear 
deployment, and utilize new applications such as cyber and 
smart grid technologies.
S. 2095--Enhancing Grid Security through Public-Private Partnerships 
        Act
    One of the most critical missions at DOE is developing the 
science and technology to successfully counter the ever-
evolving, increasing threat of cyber and other attacks on our 
networks, data, facilities, and infrastructure. DOE works 
closely with our Federal agency partners, as well as 
governments at the State, local, tribal and territorial 
government levels, industry, academic institutions, and 
National Laboratory partners to accomplish this mission. This 
bill provides for certain activities in the Department 
concerning cybersecurity and vulnerabilities of, and physical 
threats to, the electric grid. It creates a program related to 
physical security and cybersecurity of electric utilities.
    The Department will continue to review the legislation and 
looks forward to working with Congress as the legislative 
process moves forward.


                               conclusion


    Thank you again for the opportunity to be here today. The 
Department appreciates the ongoing bipartisan efforts to 
address our Nation's energy challenges, and looks forward to 
working with the Committee on the legislation on today's agenda 
and any future legislation. I would be happy to answer your 
questions.

                        CHANGES IN EXISTING LAW

    In compliance with paragraph 12 of rule XXVI of the 
Standing Rules of the Senate, the Committee notes that no 
changes in existing law are made by S. 2095 as ordered 
reported.

                                  [all]