(a) Definitions

In this section:

(1) Bulk-power system

The term “bulk-power system” has the meaning given the term in section 824o(a) of title 16.

(2) Program

The term “program” means the voluntary Energy Cyber Sense program established under subsection (b).

(b) Establishment

Ask a business law question, get an answer ASAP!
Thousands of highly rated, verified business lawyers.
Click here to chat with a lawyer about your rights.

Terms Used In 42 USC 18722

  • State: means a State, the District of Columbia, the Commonwealth of Puerto Rico, or any other territory or possession of the United States. See 1 USC 7

The Secretary, in coordination with the Secretary of Homeland Security and in consultation with the heads of other relevant Federal agencies, shall establish a voluntary Energy Cyber Sense program to test the cybersecurity of products and technologies intended for use in the energy sector, including in the bulk-power system.

(c) Program requirements

In carrying out subsection (b), the Secretary, in coordination with the Secretary of Homeland Security and in consultation with the heads of other relevant Federal agencies, shall—

(1) establish a testing process under the program to test the cybersecurity of products and technologies intended for use in the energy sector, including products relating to industrial control systems and operational technologies, such as supervisory control and data acquisition systems;

(2) for products and technologies tested under the program, establish and maintain cybersecurity vulnerability reporting processes and a related database that are integrated with Federal vulnerability coordination processes;

(3) provide technical assistance to electric utilities, product manufacturers, and other energy sector stakeholders to develop solutions to mitigate identified cybersecurity vulnerabilities in products and technologies tested under the program;

(4) biennially review products and technologies tested under the program for cybersecurity vulnerabilities and provide analysis with respect to how those products and technologies respond to and mitigate cyber threats;

(5) develop guidance that is informed by analysis and testing results under the program for electric utilities and other components of the energy sector for the procurement of products and technologies;

(6) provide reasonable notice to, and solicit comments from, the public prior to establishing or revising the testing process under the program;

(7) oversee the testing of products and technologies under the program; and

(8) consider incentives to encourage the use of analysis and results of testing under the program in the design of products and technologies for use in the energy sector.

(d) Protection of information

Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any component of the energy sector, including any electric utility or the bulk-power system—

(1) shall be exempt from disclosure under section 552(b)(3) of title 5; and

(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.

(e) Federal Government liability

Nothing in this section authorizes the commencement of an action against the United States with respect to the testing of a product or technology under the program.