Sunday, June 14, 2020

S 3688 – Energy Infrastructure Security – CEII disclosure authorization


This is the fourth in a series of posts about the introduction of S 3688, the Energy Infrastructure Protection Act of 2020. The earlier posts in the series were:

• S 3688 Introduced – Energy Infrastructure Security
• S 3688 – Energy Infrastructure Security – Security Assistance to Energy Infrastructure

Disclosure Exceptions


In general, §234 provides that neither DOE nor FERC may disclose Critical Energy Infrastructure Information (CEII), but paragraph (a) provides a long list of exceptions naming the persons to whom CEII disclosure is authorized. DOE and FERC are allowed to disclose CEII {§234(a)(2)}:

• To the source of the information;
• To a party or participant in a proceeding before the Secretary or the Commission;
• To an individual who is an officer, employee, agent, or contractor of the Secretary or the Commission;
• To an officer, employee, agent, or contractor of the Electric Reliability Organization, a regional entity, or an information sharing and analysis center;
• To an officer, employee, agent, or contractor of the Federal Government;
• To the President, the National Security Council, a member of Congress, a Federal judge or magistrate, or any officer of the United States appointed by the President with the advice and consent of the Senate;
• To an individual who is an officer, employee, agent, or contractor of Congress, the Executive Office of the President, or a court created under article I or III of the Constitution of the United States;
• To a landowner the property of which has a boundary that is crossed by, or located within the vicinity of, energy infrastructure (with specific caveats);
• To an officer, employee, agent, or contractor of an authority of a State, political subdivision, or Indian Tribe, if each individual seeking access to the information has entered into a nondisclosure agreement with the Secretary or Commission, as applicable;
• To an individual holding a security clearance at the level of top secret or higher; or
• To any other individual, if the source of the information has given express consent to the disclosure of the information to the individual and there is an approved nondisclosure agreement between the source of the information and the party to whom the information will be released.

Subparagraph (a)(2)(B) provides a separate authority to disclose CEII for ‘academic, scientific or research purposes’ [actually, I think that should have read ‘academic or scientific research purposes’ but I may be mistaken]. That authorization is predicated upon:

• The receiving individual holds a Top Secret clearance,
• The source of the information provides specific consent, and
• There is a nondisclosure agreement between the source of the information and the individual that will be provided access to the CEII.

In both cases where a nondisclosure agreement is required between the source of the information and the individual being provided access by DOE or FERC, there is an additional requirement that the nondisclosure agreement must be approved by an administrative law judge from DOE or FERC respectively.

Subparagraph (a)(2)(C) reiterates that the authority to release CEII is not a requirement to release CEII to “any individual or entity” {§234(a)(2)(C)(i)(I)}; DOE or FERC “may withhold disclosure of critical electric infrastructure information at any time, for any reason, at the sole discretion of the Secretary or the Commission, as applicable”.

Nondisclosure Agreements


Paragraph (b) of §234 establishes the standards for nondisclosure agreements (NDAs) authorized or approved under the section. In general, the NDAs will {§234(b)(1)}:

• Reflect the individual circumstances concerning the parties to the agreement,
• Permit the auditing of compliance with the agreement, and
• Be enforceable in law and equity by any district court of the United States.

In addition to the instances in paragraph (a) where NDAs are required between recipients of CEII and the source of the information, subparagraph (b)(3) allows DOE or FERC to require NDAs between recipients and the releasing authority.

Disclosure of Indicators, Methods or Tools


Paragraph (c) allows DOE or FERC to “disclose indicators, methods, and tools that have been used in penetrating or defending energy infrastructure” as long as:

• The source of the information consents to the release of that information; and
• The Secretary or the Commission, as applicable, removes all information that would enable an individual to identify the source of the information.

Again, we have reached a reasonable stopping point for this post. There are only three more sections of the bill to go.
