U.S. Congress - Text of S.1342 as Placed on Calendar Senate Grid Cyber Security Act
The easiest way to email your members of Congress
Donate NowS.1342 - Grid Cyber Security Act
An original bill to amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States against cybersecurity and other threats and vulnerabilities.
Loading Bill Text
Rollover any line of text to comment and/or link to it.
S 1342 PCSCommentsClose CommentsPermalink
Calendar No. 101CommentsClose CommentsPermalink
112th CONGRESSCommentsClose CommentsPermalink
1st SessionCommentsClose CommentsPermalink
S. 1342CommentsClose CommentsPermalink
[Report No. 112-34]CommentsClose CommentsPermalink
To amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States against cybersecurity and other threats and vulnerabilities.CommentsClose CommentsPermalink
IN THE SENATE OF THE UNITED STATESCommentsClose CommentsPermalink
July 11, 2011CommentsClose CommentsPermalink
July 11, 2011CommentsClose CommentsPermalink
Mr. BINGAMAN, from the Committee on Energy and Natural Resources, reported the following original bill; which was read twice and placed on the calendarCommentsClose CommentsPermalink
A BILLCommentsClose CommentsPermalink
To amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States against cybersecurity and other threats and vulnerabilities.CommentsClose CommentsPermalink
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,CommentsClose CommentsPermalink
SECTION 1. SHORT TITLE.
This Act may be cited as the ‘Grid Cyber Security Act’.CommentsClose CommentsPermalink
SEC. 2. CRITICAL ELECTRIC INFRASTRUCTURE.
Part II of the Federal Power Act (
‘SEC. 224. CRITICAL ELECTRIC INFRASTRUCTURE.
‘(a) Definitions- In this section:CommentsClose CommentsPermalink
‘(1) CRITICAL ELECTRIC INFRASTRUCTURE- The term ‘critical electric infrastructure’ means systems and assets, whether physical or virtual, used for the generation, transmission, or distribution of electric energy affecting interstate commerce that, as determined by the Commission or the Secretary (as appropriate), are so vital to the United States that the incapacity or destruction of the systems and assets would have a debilitating impact on national security, national economic security, or national public health or safety.CommentsClose CommentsPermalink
‘(2) CRITICAL ELECTRIC INFRASTRUCTURE INFORMATION- The term ‘critical electric infrastructure information’ means critical infrastructure information relating to critical electric infrastructure.CommentsClose CommentsPermalink
‘(3) CRITICAL INFRASTRUCTURE INFORMATION- The term ‘critical infrastructure information’ has the meaning given the term in section 212 of the Critical Infrastructure Information Act of 2002 (
6 U.S.C. 131 ).CommentsClose CommentsPermalink‘(4) CYBER SECURITY THREAT- The term ‘cyber security threat’ means the imminent danger of an act that disrupts, attempts to disrupt, or poses a significant risk of disrupting the operation of programmable electronic devices or communications networks (including hardware, software, and data) essential to the reliable operation of critical electric infrastructure.CommentsClose CommentsPermalink
‘(5) CYBER SECURITY VULNERABILITY- The term ‘cyber security vulnerability’ means a weakness or flaw in the design or operation of any programmable electronic device or communication network that exposes critical electric infrastructure to a cyber security threat.CommentsClose CommentsPermalink
‘(6) ELECTRIC RELIABILITY ORGANIZATION- The term ‘Electric Reliability Organization’ has the meaning given the term in section 215(a).CommentsClose CommentsPermalink
‘(7) SECRETARY- The term ‘Secretary’ means the Secretary of Energy.CommentsClose CommentsPermalink
‘(b) Authority of Commission-CommentsClose CommentsPermalink
‘(1) INITIAL DETERMINATION- Not later than 120 days after the date of enactment of this section, the Commission shall determine whether reliability standards established pursuant to section 215 are adequate to protect critical electric infrastructure from cyber security vulnerabilities.CommentsClose CommentsPermalink
‘(2) INITIAL ORDER- Unless the Commission determines that the reliability standards established pursuant to section 215 are adequate to protect critical electric infrastructure from cyber security vulnerabilities within 120 days after the date of enactment of this section, the Commission shall order the Electric Reliability Organization to submit to the Commission, not later than 180 days after the date of issuance of the order, a proposed reliability standard or a modification to a reliability standard that will provide adequate protection of critical electric infrastructure from cyber security vulnerabilities.CommentsClose CommentsPermalink
‘(3) SUBSEQUENT DETERMINATIONS AND ORDERS- If at any time following the issuance of the initial order under paragraph (2) the Commission determines that the reliability standards established pursuant to section 215 are inadequate to protect critical electric infrastructure from a cyber security vulnerability, the Commission shall order the Electric Reliability Organization to submit to the Commission, not later than 180 days after the date of the determination, a proposed reliability standard or a modification to a reliability standard that will provide adequate protection of critical electric infrastructure from the cyber security vulnerability.CommentsClose CommentsPermalink
‘(4) RELIABILITY STANDARDS- Any proposed reliability standard or modification to a reliability standard submitted pursuant to paragraph (2) or (3) shall be developed and approved in accordance with section 215(d).CommentsClose CommentsPermalink
‘(5) ADDITIONAL TIME- The Commission may, by order, grant the Electric Reliability Organization reasonable additional time to submit a proposed reliability standard or a modification to a reliability standard under paragraph (2) or (3).CommentsClose CommentsPermalink
‘(c) Emergency Authority of Secretary-CommentsClose CommentsPermalink
‘(1) IN GENERAL- If the Secretary determines that immediate action is necessary to protect critical electric infrastructure from a cyber security threat, the Secretary may require, by order, with or without notice, persons subject to the jurisdiction of the Commission under this section to take such actions as the Secretary determines will best avert or mitigate the cyber security threat.CommentsClose CommentsPermalink
‘(2) COORDINATION WITH CANADA AND MEXICO- In exercising the authority granted under this subsection, the Secretary is encouraged to consult and coordinate with the appropriate officials in Canada and Mexico responsible for the protection of cyber security of the interconnected North American electricity grid.CommentsClose CommentsPermalink
‘(3) CONSULTATION- Before exercising the authority granted under this subsection, to the extent practicable, taking into account the nature of the threat and urgency of need for action, the Secretary shall consult with the entities described in subsection (e)(1) and with officials at other Federal agencies, as appropriate, regarding implementation of actions that will effectively address the identified cyber security threat.CommentsClose CommentsPermalink
‘(4) COST RECOVERY- The Commission shall establish a mechanism that permits public utilities to recover prudently incurred costs required to implement immediate actions ordered by the Secretary under this subsection.CommentsClose CommentsPermalink
‘(d) Duration of Expedited or Emergency Rules or Orders- Any order issued by the Secretary under subsection (c) shall remain effective for not more than 90 days unless, during the 90 day-period, the Secretary--CommentsClose CommentsPermalink
‘(1) gives interested persons an opportunity to submit written data, views, or arguments; andCommentsClose CommentsPermalink
‘(2) affirms, amends, or repeals the rule or order.CommentsClose CommentsPermalink
‘(e) Jurisdiction-CommentsClose CommentsPermalink
‘(1) IN GENERAL- Notwithstanding section 201, this section shall apply to any entity that owns, controls, or operates critical electric infrastructure.CommentsClose CommentsPermalink
‘(2) COVERED ENTITIES-CommentsClose CommentsPermalink
‘(A) IN GENERAL- An entity described in paragraph (1) shall be subject to the jurisdiction of the Commission for purposes of--CommentsClose CommentsPermalink
‘(i) carrying out this section; andCommentsClose CommentsPermalink
‘(ii) applying the enforcement authorities of this Act with respect to this section.CommentsClose CommentsPermalink
‘(B) JURISDICTION- This subsection shall not make an electric utility or any other entity subject to the jurisdiction of the Commission for any other purpose.CommentsClose CommentsPermalink
‘(3) ALASKA AND HAWAII EXCLUDED- Except as provided in subsection (f), nothing in this section shall apply in the State of Alaska or Hawaii.CommentsClose CommentsPermalink
‘(f) Defense Facilities- Not later than 1 year after the date of enactment of this section, the Secretary of Defense shall prepare, in consultation with the Secretary, the States of Alaska and Hawaii, the Territory of Guam, and the electric utilities that serve national defense facilities in those States and Territory, a comprehensive plan that identifies the emergency measures or actions that will be taken to protect the reliability of the electric power supply of the national defense facilities located in those States and Territory in the event of an imminent cybersecurity threat.CommentsClose CommentsPermalink
‘(g) Protection of Critical Electric Infrastructure Information-CommentsClose CommentsPermalink
‘(1) IN GENERAL- Section 214 of the Critical Infrastructure Information Act of 2002 (
6 U.S.C. 133 ) shall apply to critical electric infrastructure information submitted to the Commission or the Secretary under this section, or developed by a Federal power marketing administration or the Tennessee Valley Authority under this section or section 215, to the same extent as that section applies to critical infrastructure information voluntarily submitted to the Department of Homeland Security under that Act (6 U.S.C. 131 et seq.).CommentsClose CommentsPermalink‘(2) RULES PROHIBITING DISCLOSURE- Notwithstanding
section 552 of title 5, United States Code , the Secretary and the Commission shall prescribe regulations prohibiting disclosure of information obtained or developed in ensuring cyber security under this section if the Secretary or Commission, as appropriate, decides disclosing the information would be detrimental to the security of critical electric infrastructure.CommentsClose CommentsPermalink‘(3) PROCEDURES FOR SHARING INFORMATION-CommentsClose CommentsPermalink
‘(A) IN GENERAL- The Secretary and the Commission shall establish procedures on the release of critical infrastructure information to entities subject to this section, to the extent necessary to enable the entities to implement rules or orders of the Commission or the Secretary.CommentsClose CommentsPermalink
‘(B) REQUIREMENTS- The procedures shall--CommentsClose CommentsPermalink
‘(i) limit the redissemination of information described in subparagraph (A) to ensure that the information is not used for an unauthorized purpose;CommentsClose CommentsPermalink
‘(ii) ensure the security and confidentiality of the information;CommentsClose CommentsPermalink
‘(iii) protect the constitutional and statutory rights of any individuals who are subjects of the information; andCommentsClose CommentsPermalink
‘(iv) provide data integrity through the timely removal and destruction of obsolete or erroneous names and information.CommentsClose CommentsPermalink
‘(h) Access to Classified Information-CommentsClose CommentsPermalink
‘(1) AUTHORIZATION REQUIRED- No person shall be provided with access to classified information (as defined in section 6.1 of Executive Order 13526 (
50 U.S.C. 435 note; relating to classified national security information)) relating to cyber security threats or cyber security vulnerabilities under this section without the appropriate security clearances.CommentsClose CommentsPermalink‘(2) SECURITY CLEARANCES- The appropriate Federal agencies or departments shall cooperate with the Secretary or the Commission, to the maximum extent practicable consistent with applicable procedures and requirements, in expeditiously providing appropriate security clearances to individuals that have a need-to-know (as defined in section 6.1 of that Executive Order) classified information to carry out this section.’.CommentsClose CommentsPermalink
SEC. 3. LIMITED ADDITION OF ERO AUTHORITY FOR CRITICAL ELECTRIC INFRASTRUCTURE.
Section 215(a)(1) of the Federal Power Act (
(1) in the first sentence--CommentsClose CommentsPermalink
(A) by redesignating subparagraphs (A) and (B) as clauses (i) and (ii), respectively, and indenting appropriately;CommentsClose CommentsPermalink
(B) by striking ‘(1) The term’ and inserting the following:CommentsClose CommentsPermalink
‘(1) BULK-POWER SYSTEM-CommentsClose CommentsPermalink
‘(A) IN GENERAL- The term’;CommentsClose CommentsPermalink
(C) in clause (i) (as so redesignated), by striking ‘and’ after the semicolon at the end;CommentsClose CommentsPermalink
(D) in clause (ii) (as so redesignated), by striking the period at the end and inserting ‘; and’;CommentsClose CommentsPermalink
(E) by adding at the end the following:CommentsClose CommentsPermalink
‘(iii) for purposes of section 224, facilities used for the local distribution of electric energy that the Commission determines to be critical electric infrastructure pursuant to section 224.’; andCommentsClose CommentsPermalink
(2) in the second sentence, by striking ‘The term’ and inserting the following:CommentsClose CommentsPermalink
‘(B) EXCLUSION- Except as provided in subparagraph (A), the term’.CommentsClose CommentsPermalink
SEC. 4. LIMITATION.
Section 215(i) of the Federal Power Act (
‘(6) LIMITATION- The ERO shall have authority to develop and enforce compliance with reliability standards and temporary emergency orders with respect to a facility used in the local distribution of electric energy only to the extent the Commission determines the facility is so vital to the United States that the incapacity or destruction of the facility would have a debilitating impact on national security, national economic security, or national public health or safety.’.CommentsClose CommentsPermalink
SEC. 5. TEMPORARY EMERGENCY ORDERS FOR CYBER SECURITY VULNERABILITIES.
Section 215(d) of the Federal Power Act (
‘(7) TEMPORARY EMERGENCY ORDERS FOR CYBER SECURITY VULNERABILITIES- Notwithstanding paragraphs (1) through (6), if the Commission determines that immediate action is necessary to protect critical electric infrastructure for a cyber security vulnerability, the Commission may, without prior notice or hearing, after consulting the ERO, require the ERO--CommentsClose CommentsPermalink
‘(A) to develop and issue a temporary emergency order to address the cyber security vulnerability;CommentsClose CommentsPermalink
‘(B) to make the temporary emergency order immediately effective; andCommentsClose CommentsPermalink
‘(C) to keep the temporary emergency order in effect until--CommentsClose CommentsPermalink
‘(i) the ERO develops, and the Commission approves, a final reliability standard under this section; orCommentsClose CommentsPermalink
‘(ii) the Commission authorizes the ERO to withdraw the temporary emergency order.’.CommentsClose CommentsPermalink
SEC. 6. EMP STUDY.
(a) DOE Report- Not later than 3 years after the date of enactment of this Act, the Secretary of Energy, in consultation with appropriate experts at the National Laboratories (as defined in section 2 of the Energy Policy Act of 2005 (
(b) Contents- The report under subsection (a) shall--CommentsClose CommentsPermalink
(1) examine the risk of electromagnetic pulse events and geomagnetic disturbances, using both computer-based simulations and experimental testing;CommentsClose CommentsPermalink
(2) assess the full spectrum of possible events and disturbances and the likelihood that the events and disturbances would cause significant disruption to the transmission and distribution of electric power; andCommentsClose CommentsPermalink
(3) seek to quantify and reduce uncertainties associated with estimates for electromagnetic pulse events and geomagnetic disturbances.CommentsClose CommentsPermalink
(c) FERC Assessment- Not later than 1 year after publication of the report under subsection (a), the Federal Energy Regulatory Commission, in coordination with the Secretary of Energy and in consultation with electric utilities and the ERO (as defined in section 215(a) of the Federal Power Act (
SEC. 7. BUDGETARY EFFECTS.
The budgetary effects of this Act, for the purpose of complying with the Statutory Pay-As-You-Go-Act of 2010, shall be determined by reference to the latest statement titled ‘Budgetary Effects of PAYGO Legislation’ for this Act, submitted for printing in the Congressional Record by the Chairman of the Senate Budget Committee, provided that such statement has been submitted prior to the vote on passage.CommentsClose CommentsPermalink
Calendar No. 101CommentsClose CommentsPermalink
112th CONGRESSCommentsClose CommentsPermalink
1st SessionCommentsClose CommentsPermalink
S. 1342CommentsClose CommentsPermalink
[Report No. 112-34]CommentsClose CommentsPermalink
A BILLCommentsClose CommentsPermalink
To amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States against cybersecurity and other threats and vulnerabilities.CommentsClose CommentsPermalink
July 11, 2011CommentsClose CommentsPermalink
July 11, 2011CommentsClose CommentsPermalink
Read twice and placed on the calendarCommentsClose CommentsPermalink
Vote on This Bill
-
Share This Bill
More Share via Email
OC Blog Articles Related To This Bill
- Coburn vs. Big Corn Jun 14, 2011
- Despite Health/Safety Issues, Congress Rushing to Promote Natural Gas Apr 25, 2011
- OC's AdTracker on the Bizarre Alaska Senate Race Nov 02, 2010
- Renewable Energy Legislation Comes Back to Life Sep 24, 2010
- RaceTracker is Up-To-Date for Aug. 24th Primaries Aug 24, 2010