On Wednesday, March 14, the House Energy & Commerce Committee’s Energy Subcommittee (the “Subcommittee”) held a hearing entitled: “DOE Modernization: Legislation Addressing Cybersecurity and Emergency Response,” and reviewed four bills. Each bill contains key cybersecurity provisions, many of which were highlighted during the hearing. The hearing, which featured two witness panels consisting of government and industry stakeholders, examined the following four bipartisan bills:
-
H.R. 5174, Energy Emergency Leadership Act
-
H.R. 5175, Pipeline and LNG Facility Cybersecurity Preparedness Act
-
H.R. 5239, Cyber Sense Act
-
H.R. 5240, Enhancing Grid Security through Public-Private Partnerships Act
H.R. 5174 would amend the DOE Organization Act to require that an Assistant Secretary of Energy be formally assigned certain energy security functions, including cybersecurity responsibilities. H.R. 5175 would authorize DOE to coordinate the response to cyber incidents impacting U.S. pipelines and liquefied natural gas (“LNG”) facilities, including the development of related policies and procedures. The bill would authorize DOE to develop advanced cybersecurity applications and technologies to protect pipeline infrastructure and to perform associated pilot demonstration projects. H.R. 5239 would direct DOE to establish a voluntary “Cyber Sense” program to identify, test, and promote cyber-secure products used in the bulk-power system. The bill would also require DOE to provide related technical assistance and product guidance to industry stakeholders under the Cyber Sense program. H.R. 5240 directs DOE to establish a program to facilitate and promote cybersecurity-related public-private partnerships in the electric utility sector.
In his opening remarks, Subcommittee Chairman Upton (R-MI) reiterated the Subcommittee’s desire to bring DOE’s existing cybersecurity authorities and capabilities up to date to address existing and emerging threats to U.S. energy infrastructure. In expressing his support for the four bills under consideration, Full Committee Chairman Walden (R-OR) highlighted the importance of collaboration and coordination between government and industry stakeholders. This view was reinforced by multiple hearing witnesses, including DOE Under Secretary Mark Menezes, who described the Cybersecurity Risk Information Sharing Program (“CRISP”), a public-private partnership, as a leading example of collaboration. Scott Aaronson of the Edison Electric Institute and Tristan Vance of the Indiana Office of Energy Development also testified to the importance of public-private partnerships in facilitating greater information sharing and coordination between industry and government stakeholders.
None of the bills are currently scheduled for legislative markup.
