Aiming to identify, enhance, and test supply chain vulnerabilities in the energy sector and cybersecurity response capabilities between public and private sectors, the U.S. Senate Committee on Energy & Natural Resources approved legislation that directs the Department of Energy (DoE) to create several new programs towards the development of “advanced cybersecurity applications and technologies” for the sector.[1]  The Energy Cybersecurity Act of 2019 (the Act) directs DoE to establish programs that identify supply chain vulnerabilities and expand Federal cooperation and coordination for responses to cyber threats.

If passed, the Act will require the DoE to:

  1. Establish a program to enhance advanced energy sector cybersecurity technologies and applications by leveraging electric grid architecture to assess potential risks to critical infrastructure and security preparedness. The DoE is instructed to advance the security of field devices and third-party control systems, evaluate whether the systems are implicated in the generation, transmission, and distribution of energy and determine best practices for forensic analysis of infected systems and secure communications.
  2. Establish a program to test and identify potential vulnerabilities to the energy sector, including supply chain components, which would allow DoE to oversee third-party testing of the energy sector’s cybersecurity measures and directs the agency to develop procurement guidelines for supply chain components.
  3. Establish a program that provides operational support to the energy sector for cybersecurity resilience. The Act notes that the program should enhance and test emergency response capabilities, expand cooperation between DoE and the intelligence community, enhance existing tools such as the Electricity Information Sharing and Analysis Center (E-ISAC), and provide technical assistance to small stakeholders to assess their cybersecurity.
  4. Develop an advanced energy security program that (1) identifies vulnerabilities and provides modeling to predict potential impacts to the energy sector; (2) develops physical and cybersecurity models; (3) conducts exercise to mitigate vulnerabilities; (4) researches electrical grid components that may be susceptible to cybersecurity threats; and (5) provides technical assistance to States and other entities that will promote the development of industry-wide standards and risk analyses. This program should evaluate how applications and technologies will mitigate vulnerabilities; for example, DoE should consider potential dependencies on other critical infrastructure and impacts from weather and fuel supply interruptions.
  5. In consultation with the Federal Energy Regulatory Commission (FERC), develop and conduct a study within 180 days of the bill’s enactment to evaluate management structures and funding mechanisms that will encourage industry stakeholders to participate in E-ISAC.

The Act authorizes appropriations for DoE to implement these programs.

Although the bill has been passed out of committee, it is unclear if and when the bill will be brought to the floor for a vote. If passed, the Act would take effect 90 days after enactment.

[1] S. 2333, Energy Cybersecurity Act of 2019, available at https://www.congress.gov/bill/116th-congress/senate-bill/2333.

Tags: Cybersecurity, Department of Energy, DoE, Proposed Legislation
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey L. Poston Jeffrey L. Poston

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years…

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years of experience leading investigations and litigation for corporate clients, Jeff counsels and defends clients in complex data protection matters involving class-actions and regulatory enforcement actions, as well as commercial disputes. Jeff also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Read more about Jeffrey L. Poston
Show more Show less
Photo of Kate Growley Kate Growley

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations…

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations, and policy engagement. With a unique combination of legal, policy, and consulting experience, Kate excels in translating complex technical topics into advice that is practical and informed by risk and business needs.

Kate has extensive experience working with members of the U.S. government contracting community, especially those within the Defense Industrial Base. She has partnered with contractors from every major sector, including technology, manufacturing, health care, and professional services. Kate is an IAPP AI Governance Professional (AIGP) and a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/G and CIPP/US). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Having lived in Greater China for several years, Kate also brings an uncommon understanding of digital and national security requirements from across the Asia Pacific region. She has notable experience with the regulatory environments of Australia, Singapore, Japan, and Greater China—including the growing regulation of data flows between the latter and the United States.

Kate is a partner in the firm’s Washington, D.C., office, as well as a senior director in the firm’s consultancy Crowell Global Advisors, to which she was seconded for several years. She is a founding member of the firm’s Privacy & Cybersecurity Group and part of the firm’s AI Steering Committee. She has been internationally recognized by Chambers and named a “Rising Star” by both Law360 and the American Bar Association (ABA). She has held numerous leadership positions in the ABA’s Public Contract Law and Science & Technology Sections and has been inducted as a lifetime fellow in the American Bar Foundation.

Read more about Kate Growley
Show more Show less
Photo of Tyler A. O'Connor Tyler A. O'Connor

Tyler O’Connor is an energy litigator and public policy leader in Crowell & Moring’s Washington, D.C. office, where he represents clients in the courts, in arbitration forums, and before federal agencies.

Prior to joining Crowell, Tyler served as the Energy Counsel to the…

Tyler O’Connor is an energy litigator and public policy leader in Crowell & Moring’s Washington, D.C. office, where he represents clients in the courts, in arbitration forums, and before federal agencies.

Prior to joining Crowell, Tyler served as the Energy Counsel to the House Energy and Commerce Committee, where he played a leading role in drafting the Inflation Reduction Act (IRA) and Infrastructure Investment and Jobs Act (IIJA). He was the lead House lawyer responsible for the Federal Power Act and Natural Gas Act and worked extensively on transmission, energy cybersecurity, and energy supply chain issues. His work brought him into frequent contact with senior administration officials, including at the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC), as well as congressional leadership. As the staffer responsible for emerging technologies, including hydrogen and offshore wind, as well as the Loan Programs Office, Tyler has been at the center of energy policy discussions.

Read more about Tyler A. O'Connor
Show more Show less
Related Posts
DoD Digs In Its Cyber “SPRS”: New Solicitation Provision Requires Contracting Officers to Consider SPRS Risk Assessments
March 27, 2023
Biden Administration Releases Comprehensive National Cybersecurity Strategy
March 6, 2023
Protecting Work Product: When the Threat of Litigation Is Too Remote for Privilege
February 7, 2020