Plain English summary not yet available
The full original text is available below. Check back soon as we process this bill.
II
116TH CONGRESS
2D SESSION
S. 4795
To require the Secretary of Energy to establish a voluntary Cyber Sense
program to test the cybersecurity of products and technologies intended
for use in the bulk-power system, and for other purposes.
IN THE SENATE OF THE UNITED STATES
OCTOBER 1, 2020
Ms. ROSEN (for herself and Mr. HOEVEN) introduced the following bill; which
was read twice and referred to the Committee on Energy and Natural
Resources
A BILL
To require the Secretary of Energy to establish a voluntary
Cyber Sense program to test the cybersecurity of prod-
ucts and technologies intended for use in the bulk-power
system, and for other purposes.
Be it enacted by the Senate and House of Representa-
1
tives of the United States of America in Congress assembled,
2
SECTION 1. SHORT TITLE.
3
This Act may be cited as the ‘‘Cyber Sense Act of
4
2020’’.
5
SEC. 2. CYBER SENSE PROGRAM.
6
(a) DEFINITIONS.—In this section:
7
VerDate Sep 11 2014
03:45 Oct 17, 2020
Jkt 019200
PO 00000
Frm 00001
Fmt 6652
Sfmt 6201
E:\BILLS\S4795.IS
S4795
kjohnson on DSK79L0C42PROD with BILLS
2
•S 4795 IS
(1) BULK-POWER
SYSTEM.—The term ‘‘bulk-
1
power system’’ has the meaning given the term in
2
section 215(a) of the Federal Power Act (16 U.S.C.
3
824o(a)).
4
(2) CRITICAL
ELECTRIC
INFRASTRUCTURE.—
5
The term ‘‘critical electric infrastructure’’ has the
6
meaning given the term in section 215A(a) of the
7
Federal Power Act (16 U.S.C. 824o–1(a)).
8
(3) PROGRAM.—The term ‘‘program’’ means
9
the voluntary Cyber Sense program established
10
under subsection (b).
11
(4) SECRETARY.—The term ‘‘Secretary’’ means
12
the Secretary of Energy.
13
(b) ESTABLISHMENT.—The Secretary, in coordina-
14
tion with the heads of other relevant Federal agencies,
15
shall establish a voluntary Cyber Sense program to test
16
the cybersecurity of products and technologies intended
17
for use in the bulk-power system.
18
(c) PROGRAM REQUIREMENTS.—In carrying out sub-
19
section (b), the Secretary shall—
20
(1) establish a testing process under the pro-
21
gram to test the cybersecurity of products and tech-
22
nologies intended for use in the bulk-power system,
23
including products relating to industrial control sys-
24
VerDate Sep 11 2014
03:45 Oct 17, 2020
Jkt 019200
PO 00000
Frm 00002
Fmt 6652
Sfmt 6201
E:\BILLS\S4795.IS
S4795
kjohnson on DSK79L0C42PROD with BILLS
3
•S 4795 IS
tems and operational technologies, such as super-
1
visory control and data acquisition systems;
2
(2) for products and technologies tested under
3
the program, establish and maintain cybersecurity
4
vulnerability reporting processes and a related data-
5
base;
6
(3) provide technical assistance to electric utili-
7
ties, product manufacturers, and other electricity
8
sector stakeholders to develop solutions to mitigate
9
identified cybersecurity vulnerabilities in products
10
and technologies tested under the program;
11
(4) biennially review products and technologies
12
tested
under
the
program
for
cybersecurity
13
vulnerabilities and provide analysis with respect to
14
how those products and technologies respond to and
15
mitigate cyber threats;
16
(5) develop guidance that is informed by anal-
17
ysis and testing results under the program for elec-
18
tric utilities for the procurement of products and
19
technologies;
20
(6) provide reasonable notice to, and solicit
21
comments from, the public prior to establishing or
22
revising the testing process under the program;
23
(7) oversee the testing of products and tech-
24
nologies under the program; and
25
VerDate Sep 11 2014
03:45 Oct 17, 2020
Jkt 019200
PO 00000
Frm 00003
Fmt 6652
Sfmt 6201
E:\BILLS\S4795.IS
S4795
kjohnson on DSK79L0C42PROD with BILLS
4
•S 4795 IS
(8) consider incentives to encourage the use of
1
analysis and results of testing under the program in
2
the design of products and technologies for use in
3
the bulk-power system.
4
(d) DISCLOSURE OF INFORMATION.—Any cybersecu-
5
rity vulnerability reported pursuant to a process estab-
6
lished under subsection (c)(2), the disclosure of which the
7
Secretary reasonably foresees would cause harm to critical
8
electric infrastructure, shall be considered to be critical
9
electric infrastructure information for purposes of section
10
215A(d) of the Federal Power Act (16 U.S.C. 824o–1(d)).
11
(e) FEDERAL GOVERNMENT LIABILITY.—Nothing in
12
this section authorizes the commencement of an action
13
against the United States with respect to the testing of
14
a product or technology under the program.
15
Æ
VerDate Sep 11 2014
03:45 Oct 17, 2020
Jkt 019200
PO 00000
Frm 00004
Fmt 6652
Sfmt 6301
E:\BILLS\S4795.IS
S4795
kjohnson on DSK79L0C42PROD with BILLS