Monday, September 21, 2020

House to Consider Amended Version of HR 4447 – Grid Cybersecurity Additions

 The House Rules Committee approved a substitute language amendment for HR 4447, the Expanding Access to Sustainable Energy Act of 2019, today. The new language is a greatly expanded version of the bill that was approved by the House Energy and Commerce Committee on September 9th. What was a 10 page bill reported by the Committee will be an 894 page bill that will be debated and amended on the floor of the House later this week. The new pages include, among a lot of other things, some minor grid cybersecurity provisions.

Cybersecurity Additions

Among the additions to the bill is Title V, Subtitle C, Part 3, Grid Security Research and Development. The new Part 3 includes three sections:

§5341. Amendment to Energy Independence and Security Act of 2007.

§5342. Critical infrastructure research and construction.

§5343. Conforming amendment.

Section 5341 is very similar to a provision in HR 5760 that would have required DOE to carry out “a research, development, and demonstration program to protect the electric grid and energy systems, including assets connected to the distribution grid, from cyber and physical attacks” {new §1313(a)}.

One apparently minor difference between the different versions of the proposed amendment to EISA is found in outline of research areas of interest to be funded by the new research program in the new paragraph (b)(1). In the reported version of the bill it says:

“identify cybersecurity risks to the electricity sector, energy systems, and energy infrastructure;”

In the substitute language it was changed to read:

“identify cybersecurity risks to information systems within, and impacting, [emphasis added] the electricity sector, energy systems, and energy infrastructure;”

This actually brings the language more in line with the frequent references in the remainder of the sub-paragraph in both versions to ‘information systems’.

Section 5341 would also add the following sections to the EISA (similar to sections added by 5760)

§1314. Grid resilience and emergency response,

§1315. Best practices and guidance documents for energy sector cybersecurity research,

§1316. Vulnerability testing and technical assistance to improve cybersecurity,

§1317. Education and workforce training research and standards,

§1318. Interagency coordination and strategic plan for energy sector cybersecurity research,

§1319. Report to congress, and

§1320. Definitions.

Finally §5241 ends by authorizing appropriations for the program outlined in the section at the same levels as HR 5760 would have authorized.

Section 5342 is very similar to the provisions an amendment that was made in Committee to HR 5760. It would require DOE to “establish and operate an Energy Sector Critical Infrastructure Test Facility” {§5342(c)}.

Section 5343 is a housekeeping amendment adding the new provisions of the EISA table of contents.

Amendments Authorized

The Rules Committee adopted a rule for the consideration of this bill (and two others) that allows for limited debate and approved amendments to be submitted from the floor. There has only been one cybersecurity related amendment that has been authorized to be offered on the floor of the House:

12. Burgess (TX): Requires the Secretary of Energy to report to Congress on the effect of variable and distributed energy resources on the reliability of the electric grid, specifically pertaining to natural disasters and physical or cyber-attacks on the grid infrastructure. (10 minutes)

No comments:

/* Use this with templates/template-twocol.html */