Enhancing grid security through public-private partnerships
Don't show this message again
(a) DefinitionsIn this section:
(1) Bulk-power system; Electric Reliability Organization
The terms “bulk-power system” and “Electric Reliability Organization” has the meaning given the terms in section 824o(a) of title 16.
(2) Electric utility; State regulatory authority
The terms “electric utility” and “State regulatory authority” have the meanings given the terms in section 796 of title 16.
(b) Program to promote and advance physical security and cybersecurity of electric utilities
(1) EstablishmentThe Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other relevant Federal agencies, State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, shall carry out a program—
(A)
to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;
(B)
to assist with threat assessment and cybersecurity training for electric utilities;
(C)
to provide technical assistance for electric utilities subject to the program;
(D)
to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;
(E)
to advance, in partnership with electric utilities, the cybersecurity of third-party vendors that manufacture components of the electric grid;
(F)
to increase opportunities for sharing best practices and data collection within the electric sector; and
(G) to assist, in the case of electric utilities that own defense critical electric infrastructure (as defined in section 824o–1(a) of title 16), with full engineering reviews of critical functions and operations at both the utility and defense infrastructure levels—
(i)
to identify unprotected avenues for cyber-enabled sabotage that would have catastrophic effects to national security; and
(ii)
to recommend and implement engineering protections to ensure continued operations of identified critical functions even in the face of constant cyber attacks and achieved perimeter access by sophisticated adversaries.