Why Should I Vote On BetterDistricts?

Polling is a powerful tool to help our elected officials determine how they should vote.

Standard polling methods don't give you the control that you deserve. With BetterDistricts you can show your representative exactly how strongly a bill is supported in your community.

Send a clear signal on how you want your government to work.

 

S. 79 - Securing Energy Infrastructure Act

Introduced: 2017-01-10
Bill Status: Placed on Senate Legislative Calendar under General Orders. Calendar No. 410.
 

Securing Energy Infrastructure Act

This bill establishes a two-year pilot program within the Department of Energy's (DOE)national laboratories to identify thesecurity vulnerabilities of certain entities in the energy sector, and research and test technology that can be used to isolate the most critical systems of such entities from cyber-attacks.

In addition,DOE must establish a working group to evaluate the technology solutions proposed by the national laboratories and to develop a national cyber strategy to isolate the energy grid from attacks.

DOE must also submit a report to Congress describing the results of the pilot program, assessing the feasibility of the techniques considered, and outlining the results of the working group's evaluation.

Full Text


115th CONGRESS
1st Session
S. 79


    To provide for the establishment of a pilot program to identify security vulnerabilities of certain entities in the energy sector.


IN THE SENATE OF THE UNITED STATES

January 10, 2017

    Mr. King (for himself, Mr. Risch, Mr. Heinrich, Ms. Collins, and Mr. Crapo) introduced the following bill; which was read twice and referred to the Committee on Energy and Natural Resources


A BILL

    To provide for the establishment of a pilot program to identify security vulnerabilities of certain entities in the energy sector.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Securing Energy Infrastructure Act”.

SEC. 2. Definitions.

In this Act:

(1) COVERED ENTITY.—The term “covered entity” means an entity identified pursuant to section 9(a) of Executive Order 13636 of February 12, 2013 (78 Fed. Reg. 11742) relating to identification of critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.

(2) EXPLOIT.—The term “exploit” means a software tool designed to take advantage of a security vulnerability.

(3) INDUSTRIAL CONTROL SYSTEM.—

(A) IN GENERAL.—The term “industrial control system” means an operational technology used to measure, control, or manage industrial functions.

(B) INCLUSIONS.—The term “industrial control system” includes supervisory control and data acquisition systems, distributed control systems, and programmable logic or embedded controllers.

(4) NATIONAL LABORATORY.—The term “National Laboratory” has the meaning given the term in section 2 of the Energy Policy Act of 2005 (42 U.S.C. 15801).

(5) PROGRAM.—The term “Program” means the pilot program established under section 3.

(6) SECRETARY.—The term “Secretary” means the Secretary of Energy.

(7) SECURITY VULNERABILITY.—The term “security vulnerability” means any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control.

SEC. 3. Pilot program for securing energy infrastructure.

Not later than 180 days after the date of enactment of this Act, the Secretary shall establish a 2-year control systems implementation pilot program within the National Laboratories for the purposes of—

(1) partnering with covered entities in the energy sector (including critical component manufacturers in the supply chain) that voluntarily participate in the Program to identify new classes of security vulnerabilities of the covered entities; and

(2) researching, developing, testing, and implementing technology platforms and standards, in partnership with covered entities, to isolate and defend industrial control systems of covered entities from security vulnerabilities and exploits in the most critical systems of the covered entities, including—

(A) analog and non-digital control systems;

(B) purpose-built control systems; and

(C) physical controls.

SEC. 4. Working group.

(a) Establishment.—The Secretary shall establish a working group—

(1) to evaluate the technology platforms and standards used in the Program under section 3(2); and

(2) to develop a national cyber-informed engineering strategy to isolate and defend covered entities from security vulnerabilities and exploits in the most critical systems of the covered entities.

(b) Membership.—The working group established under subsection (a) shall be composed of not fewer than 10 members, to be appointed by the Secretary, at least 1 member of which shall represent each of the following:

(1) The Department of Energy.

(2) The energy industry, including electric utilities and manufacturers recommended by the Energy Sector coordinating councils.

(3)(A) The Department of Homeland Security; or

(B) the Industrial Control Systems Cyber Emergency Response Team.

(4) The North American Electric Reliability Corporation.

(5) The Nuclear Regulatory Commission.

(6)(A) The Office of the Director of National Intelligence; or

(B) the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)).

(7)(A) The Department of Defense; or

(B) the Assistant Secretary of Defense for Homeland Security and America's Security Affairs.

(8) A State or regional energy agency.

(9) A national research body or academic institution.

(10) The National Laboratories.

SEC. 5. Report.

Not later than 2 years after the date on which funds are first disbursed under the Program, the Secretary shall submit to the appropriate committees of Congress a final report that—

(1) describes the results of the Program;

(2) includes an analysis of the feasibility of each method studied under the Program; and

(3) describes the results of the evaluations conducted by the working group established under section 4(a).

SEC. 6. No new regulatory authority.

Nothing in this Act authorizes the Secretary or the head of any other Federal agency to issue new regulations.

SEC. 7. Exemption from disclosure.

Information shared by or with the Federal Government or a State, tribal, or local government under this Act shall be—

(1) deemed to be voluntarily shared information; and

(2) exempt from disclosure under any provision of Federal, State, tribal, or local freedom of information law, open government law, open meetings law, open records law, sunshine law, or similar law requiring the disclosure of information or records.

SEC. 8. Protection from liability.

(a) In general.—A cause of action against a covered entity for engaging in the voluntary activities authorized under section 3—

(1) shall not lie or be maintained in any court; and

(2) shall be promptly dismissed by the applicable court.

(b) Voluntary activities.—Nothing in this Act subjects any covered entity to liability for not engaging in the voluntary activities authorized under section 3.

SEC. 9. Authorization of appropriations.

(a) Pilot Program.—There is authorized to be appropriated $10,000,000 to carry out section 3.

(b) Working Group and Report.—There is authorized to be appropriated $1,500,000 to carry out sections 4 and 5.

(c) Availability.—Amounts made available under subsections (a) and (b) shall remain available until expended.


Relevant News Stories And Blog Posts

Title Worth Reading

Vote on S. 79

 

Activity in last 30 days