{"identifier":"/us/usc/t42/s18721","title":42,"num":"\u00a7\u202f18721.","heading":"Enhancing grid security through public-private partnerships","text":"\u00a7\u202f18721.\nEnhancing grid security through public-private partnerships\n(a)\nDefinitions\nIn this section:\n(1)\nBulk-power system; Electric Reliability Organization\nThe terms \u201cbulk-power system\u201d and \u201cElectric Reliability Organization\u201d has the meaning given the terms in section 824\no\n(2)\nElectric utility; State regulatory authority\nThe terms \u201celectric utility\u201d and \u201cState regulatory authority\u201d have the meanings given the terms in\nsection 796 of title 16\n(b)\nProgram to promote and advance physical security and cybersecurity of electric utilities\n(1)\nEstablishment\nThe Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other relevant Federal agencies, State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, shall carry out a program\u2014\n(A) to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;\n(B) to assist with threat assessment and cybersecurity training for electric utilities;\n(C) to provide technical assistance for electric utilities subject to the program;\n(D) to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;\n(E) to advance, in partnership with electric utilities, the cybersecurity of third-party vendors that manufacture components of the electric grid;\n(F) to increase opportunities for sharing best practices and data collection within the electric sector; and\n(G) to assist, in the case of electric utilities that own defense critical electric infrastructure (as defined in section 824\n(i) to identify unprotected avenues for cyber-enabled sabotage that would have catastrophic effects to national security; and\n(ii) to recommend and implement engineering protections to ensure continued operations of identified critical functions even in the face of constant cyber attacks and achieved perimeter access by sophisticated adversaries.\n(2)\nScope\nIn carrying out the program under paragraph (1), the Secretary shall\u2014\n(A) take into consideration\u2014\n(i) the different sizes of electric utilities; and\n(ii) the regions that electric utilities serve;\n(B) prioritize electric utilities with fewer available resources due to size or region; and\n(C) to the maximum extent practicable, use and leverage\u2014\n(i) existing Department and Department of Homeland Security programs; and\n(ii) existing programs of the Federal agencies determined to be appropriate under paragraph (1).\n(c)\nReport on cybersecurity of distribution systems\nNot later than 1 year after\n(1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems, including behind-the-meter generation, storage, and load management devices, to address threats to, and vulnerabilities of, electricity distribution systems; and\n(2) the implementation of the priorities, policies, procedures, and actions assessed under paragraph (1), including\u2014\n(A) an estimate of potential costs and benefits of the implementation; and\n(B) an assessment of any public-private cost-sharing opportunities.\n(d)\nProtection of information\nInformation provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any electric utility or the bulk-power system\u2014\n(1) shall be exempt from disclosure under\nsection 552(b)(3) of title 5\n(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.","url":"https://projectusc.org/usc/t42/s18721.html","content":[{"t":"sec","id":"/us/usc/t42/s18721","children":[{"t":"num","text":"\u00a7\u202f18721."},{"t":"heading","text":"Enhancing grid security through public-private partnerships"},{"t":"subsec","id":"/us/usc/t42/s18721/a","children":[{"t":"num","text":"(a)"},{"t":"heading","text":"Definitions"},{"t":"chapeau","text":"In this section:"},{"t":"para","id":"/us/usc/t42/s18721/a/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Bulk-power system; Electric Reliability Organization"},{"t":"content","children":[{"t":"p","text":"The terms \u201cbulk-power system\u201d and \u201cElectric Reliability Organization\u201d has the meaning given the terms in section 824","children":[{"t":"text","text":"o","tail":"(a) of title 16."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s18721/a/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Electric utility; State regulatory authority"},{"t":"content","children":[{"t":"p","text":"The terms \u201celectric utility\u201d and \u201cState regulatory authority\u201d have the meanings given the terms in ","children":[{"t":"ref","text":"section 796 of title 16","href":"/us/usc/t16/s796","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t42/s18721/b","children":[{"t":"num","text":"(b)"},{"t":"heading","text":"Program to promote and advance physical security and cybersecurity of electric utilities"},{"t":"para","id":"/us/usc/t42/s18721/b/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Establishment"},{"t":"chapeau","text":"The Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other relevant Federal agencies, State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, shall carry out a program\u2014"},{"t":"subpara","id":"/us/usc/t42/s18721/b/1/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/1/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" to assist with threat assessment and cybersecurity training for electric utilities;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/1/C","children":[{"t":"num","text":"(C)"},{"t":"content","text":" to provide technical assistance for electric utilities subject to the program;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/1/D","children":[{"t":"num","text":"(D)"},{"t":"content","text":" to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/1/E","children":[{"t":"num","text":"(E)"},{"t":"content","text":" to advance, in partnership with electric utilities, the cybersecurity of third-party vendors that manufacture components of the electric grid;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/1/F","children":[{"t":"num","text":"(F)"},{"t":"content","text":" to increase opportunities for sharing best practices and data collection within the electric sector; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/1/G","children":[{"t":"num","text":"(G)"},{"t":"chapeau","text":" to assist, in the case of electric utilities that own defense critical electric infrastructure (as defined in section 824","children":[{"t":"text","text":"o","tail":"\u20131(a) of title 16), with full engineering reviews of critical functions and operations at both the utility and defense infrastructure levels\u2014"}]},{"t":"clause","id":"/us/usc/t42/s18721/b/1/G/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" to identify unprotected avenues for cyber-enabled sabotage that would have catastrophic effects to national security; and","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s18721/b/1/G/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" to recommend and implement engineering protections to ensure continued operations of identified critical functions even in the face of constant cyber attacks and achieved perimeter access by sophisticated adversaries.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s18721/b/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Scope"},{"t":"chapeau","text":"In carrying out the program under paragraph (1), the Secretary shall\u2014"},{"t":"subpara","id":"/us/usc/t42/s18721/b/2/A","children":[{"t":"num","text":"(A)"},{"t":"chapeau","text":" take into consideration\u2014"},{"t":"clause","id":"/us/usc/t42/s18721/b/2/A/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" the different sizes of electric utilities; and","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s18721/b/2/A/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" the regions that electric utilities serve;","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/2/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" prioritize electric utilities with fewer available resources due to size or region; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/b/2/C","children":[{"t":"num","text":"(C)"},{"t":"chapeau","text":" to the maximum extent practicable, use and leverage\u2014"},{"t":"clause","id":"/us/usc/t42/s18721/b/2/C/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" existing Department and Department of Homeland Security programs; and","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s18721/b/2/C/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" existing programs of the Federal agencies determined to be appropriate under paragraph (1).","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t42/s18721/c","children":[{"t":"num","text":"(c)"},{"t":"heading","text":"Report on cybersecurity of distribution systems"},{"t":"chapeau","text":"Not later than 1 year after ","children":[{"t":"text","text":"November 15, 2021","tail":", the Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other Federal agencies, State regulatory authorities, and industry stakeholders, shall submit to Congress a report that assesses\u2014"}]},{"t":"para","id":"/us/usc/t42/s18721/c/1","children":[{"t":"num","text":"(1)"},{"t":"content","text":" priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems, including behind-the-meter generation, storage, and load management devices, to address threats to, and vulnerabilities of, electricity distribution systems; and","tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s18721/c/2","children":[{"t":"num","text":"(2)"},{"t":"chapeau","text":" the implementation of the priorities, policies, procedures, and actions assessed under paragraph (1), including\u2014"},{"t":"subpara","id":"/us/usc/t42/s18721/c/2/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" an estimate of potential costs and benefits of the implementation; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s18721/c/2/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" an assessment of any public-private cost-sharing opportunities.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t42/s18721/d","children":[{"t":"num","text":"(d)"},{"t":"heading","text":"Protection of information"},{"t":"chapeau","text":"Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any electric utility or the bulk-power system\u2014"},{"t":"para","id":"/us/usc/t42/s18721/d/1","children":[{"t":"num","text":"(1)"},{"t":"content","text":" shall be exempt from disclosure under ","children":[{"t":"ref","text":"section 552(b)(3) of title 5","href":"/us/usc/t5/s552/b/3","tail":"; and"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s18721/d/2","children":[{"t":"num","text":"(2)"},{"t":"content","text":" shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"text","text":"\n"},{"t":"text","text":"\n"}]}]}