HR 5428 Introduced - Energy Security Research

Earlier this month Rep Lamb (D,PA) introduced HR 5428, the Grid Modernization Research and Development Act of 2019. The bill would direct Federal research on grid modernization and security. While not specifically a cybersecurity bill, there are provisions which could affect cybersecurity research efforts.

Definitions

Section 9 of the bill would add a new §1313, Definitions, to the Energy Independence and Security Act of 2007 (42 USC 17381 et. seq.). These definitions would only apply to Title XIII, Smart Grid, of the act, including most of the new sections added by this bill. There would be three definitions in that section:

• Critical facility;

• Distribution automation; and

• Resilience

Two of those definitions have potential cybersecurity ramifications:

‘Distribution automation’ means “systems and technologies that exert intelligent control over electrical grid functions at the distribution level” {new §1313(2)}; and

‘Resilience’ means “the ability to withstand and reduce the magnitude or duration of disruptive events, which includes the capability to anticipate, absorb, adapt to, or rapidly recover from such an event, including from deliberate attacks, accidents, and naturally occurring threats or incidents” {§1313(3)}

Regional Demonstration Initiative

Section 2 of the bill would amend 42 USC 17384, Smart grid technology research, development, and demonstration. The revisions would increase the scope of the current smart grid regional demonstration initiative to include “distribution automation, industrial control systems, dynamic line rating systems, grid redesign, and the integration of distributed energy resources" {revised §17384(b)(1)}. It would also add as a new goal for that initiative the encouragement of “commercial application of advanced distribution automation technologies that improve system resilience” {new §17384(b)(2)(F)}.

Section 10(b)(1) would include funding for this research and development effort; sharing in $170 million in 2020 and increasing to $185 million in 2024. DOE would be responsible for deciding the actual allocation of those funds.

NOTE: The definitions in this bill would apply to §17384.

Modeling, Visualization, Architecture, and Controls

Section 3 of the bill would add a new §1304a, Smart Grid Modeling, Visualization, Architecture, and Controls, to the Energy Independence and Security Act of 2007. This section would require DOE to “establish a program of research, development, demonstration, and commercial application on electric grid modeling, sensing, visualization, architecture development, and advanced operation and controls” {new §1304a(a)}.

The new research on modeling would include the development of {new §1304a(b)}:

• Models to analyze and predict the effects of adverse physical and cyber events on the electric grid; and

• Coupled models of electrical, physical, and cyber systems

Situational awareness research would include the “development of computational tools and technologies to improve sensing, monitoring, and visualization of the electric grid for real-time situational awareness and decision support tools that enable improved operation of the power system” {new §1304a(c)(1)}. DOE would “prioritize enhancing cyber and physical situational awareness of the electric grid during adverse manmade and naturally occurring events” {new §1304a(c)(3)}.

Research on grid architecture would cover a wide variety of topics but would specifically include {new §1304a(d)}:

• Increasing use of distributed resources owned by non-utility entities;

• The use of digital and automated controls not managed by grid operators;

• Analyzing the effects of changes to grid architectures resulting from modernizing electric grid systems, including communications, controls, markets, consumer choice, emergency response, electrification, and cybersecurity concerns; and

• Developing integrated grid architectures that incorporate system resilience for cyber, physical, and communications systems.

Section 10(b)(1) would include funding for this research and development effort; sharing in $170 million in 2020 and increasing to $185 million in 2024. DOE would be responsible for deciding the actual allocation of those funds.

Enhancing Grid Resilience and Emergency Response

Section 4 of the bill would add a new §1310, Grid Resilience and Emergency Response, to the Energy Independence and Security Act of 2007. This would require DOE to “establish a research, development, and demonstration program to enhance resilience and strengthen emergency response and management pertaining to the electric grid” {new §1310(a)}. This would include a research and development grant program directed at “improving the resilience and reliability of electric grid” {new §1310(b)}; among other goals with would include {new §1310(b)(3)}:

Developing tools to improve coordination between utilities and relevant Federal agencies to enable communication, information-sharing, and situational awareness in the event of a physical or cyberattack on the electric grid.

Specifically, this would include “development of methodologies to maintain cybersecurity during restoration of electric grid infrastructure and operation” {new §1310(d)(5)}.

There are no spending authorizations in this bill to support this research and development effort.

Grid Integration Research and Development

Section 6(a) of the bill would amend 42 USC 16215(a), Electric Transmission and Distribution Programs. It would add two new paragraphs, (10) and (11):

• The development of cost-effective technologies that enable two-way information and power flow between distributed energy resources and the electric grid; and

• The development of technologies and concepts that enable interoperability between distributed energy resources and other behind-the-meter devices and the electric grid

Section 6(b) would add a new §936, Research and Development into Integrating Renewable Energy onto the Electric Grid, to Energy Policy Act of 2005. It would require DOE to “establish a research, development, and demonstration program on technologies that enable integration of renewable energy generation sources onto the electric grid across multiple program offices of the Department” {new §936(a)}.

Section 6(c) would add a new §137, Research and Development into Integrating Electric Vehicles onto the Electric Grid, to the Energy Independence and Security Act of 2007. It would require DOE to “establish a research, development, and demonstration program to advance the integration of electric vehicles, including plugin hybrid electric vehicles, onto the electric grid” {new§137(a)}. It would also require DOE to conduct a study, and report to Congress, on “the research, development, and demonstration opportunities, challenges, and standards needed for integrating electric vehicles onto the electric grid” {new §137(b)}. One of the report requirements would be to address “the cybersecurity challenges and needs associated with electrifying the transportation sector” {new §137(b)(1)(E)}.

Section 6(d) would add a new §426, Advanced Integration of Buildings onto the Electric Grid, to Energy Independence and Security Act of 2007. It would require DOE to “establish a program of research, development, and demonstration to enable components of commercial and residential buildings to serve as dynamic energy loads on and resources for the electric grid” {new §426(a)}. Among the foci of the program DOE would be required to look at “protecting against cybersecurity threats and addressing security vulnerabilities of building systems or equipment” {new §426(a)(7)}.

Section 10(b)(3) of the bill would authorize $50 million in FY 2020 (rising to $60.8 million in 2024) for the research and development efforts outlined in §6 of the bill

None of the added sections in §6 of the bill would be affected by the definitions described earlier.

Moving Forward

Lamb is a member of the House Science, Space, and Technology Committee to which this bill has been assigned for consideration and is the Chair of the Energy Subcommittee. This means that it is very likely that the bill will be considered in his Subcommittee and probably by the full Committee. I do not see anything in this bill that would engender any organized opposition to this bill, particularly since the bill specifically prohibits DOE from requiring anyone from participating in any of the studies or implementing any of the study proposals.

Commentary

This is certainly not a cybersecurity bill, nor are the cybersecurity provisions that are included in any way central to the intent of this bill. What this bill does reflect, however, is an increasing awareness upon the part of the Committee Staff that cybersecurity has to be an integrated part of the energy research process if it is to be effective.

I am particularly heartened to see cybersecurity research to be an integral part of research into the integration of electric car charging systems and building control systems into the electric grid.