OCR of the Document

View the Document >>

Department of Defense, Statement of Intent between the Secretary of Defense of the United States of America and the Minister for Defense of Sweden, June 8, 2016

FLO16626 S L C 114TH CONGRESS 2D SESSION S ll To provide for the establishment of a pilot program to identify security vulnerabilities of certain entities in the energy sector IN THE SENATE OF THE UNITED STATES llllllllll Mr KING for himself Mr RISCH Ms COLLINS and Mr HEINRICH introduced the following bill which was read twice and referred to the Committee on llllllllll A BILL To provide for the establishment of a pilot program to identify security vulnerabilities of certain entities in the energy sector 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress assembled 3 4 SECTION 1 SHORT TITLE This Act may be cited as the ‘‘Securing Energy Infra- 5 structure Act’’ 6 SEC 2 DEFINITIONS 7 In this Act 8 9 1 COVERED ENTITY —The term ‘‘covered en- tity’’ means an entity identified pursuant to section FLO16626 S L C 2 1 9 a of Executive Order 13636 of February 12 2 2013 78 Fed Reg 11742 relating to identification 3 of critical infrastructure where a cybersecurity inci- 4 dent could reasonably result in catastrophic regional 5 or national effects on public health or safety eco- 6 nomic security or national security 7 2 EXPLOIT —The term ‘‘exploit’’ means a 8 software tool designed to take advantage of a secu- 9 rity vulnerability 10 3 INDUSTRIAL 11 A IN CONTROL SYSTEM — GENERAL —The term ‘‘industrial 12 control system’’ means an operational tech- 13 nology used to measure control or manage in- 14 dustrial functions 15 B INCLUSIONS —The term ‘‘industrial 16 control system’’ includes supervisory control 17 and data acquisition systems distributed con- 18 trol systems and programmable logic or embed- 19 ded controllers 20 4 NATIONAL LABORATORY —The term ‘‘Na- 21 tional Laboratory’’ has the meaning given the term 22 in section 2 of the Energy Policy Act of 2005 42 23 U S C 15801 24 25 5 PROGRAM —The term ‘‘Program’’ means the pilot program established under section 3 FLO16626 S L C 3 1 6 SECRETARY —The term ‘‘Secretary’’ means 2 the Secretary of Energy 3 7 SECURITY VULNERABILITY —The term ‘‘se- 4 curity vulnerability’’ means any attribute of hard- 5 ware software process or procedure that could en- 6 able or facilitate the defeat of a security control 7 SEC 3 PILOT PROGRAM FOR SECURING ENERGY INFRA- 8 9 STRUCTURE Not later than 60 days after the date of enactment 10 of this Act the Secretary shall establish a 2-year control 11 systems implementation pilot program within the National 12 Laboratories for the purposes of— 13 1 studying the covered entities in the energy 14 sector that voluntarily participate in the Program to 15 identify new classes of security vulnerabilities of the 16 covered entities and 17 2 researching developing testing and imple- 18 menting technology platforms and standards to iso- 19 late and defend industrial control systems of covered 20 entities from security vulnerabilities and exploits in 21 the most critical systems of the covered entities in- 22 cluding— 23 A analog and non-digital control systems 24 B purpose-built control systems and 25 C physical controls FLO16626 S L C 4 1 2 SEC 4 WORKING GROUP a ESTABLISHMENT —The Secretary shall establish 3 a working group— 4 1 to evaluate the technology platforms and 5 standards used in the Program under section 3 2 6 and 7 2 to develop a national cyber-informed engi- 8 neering strategy to isolate and defend covered enti- 9 ties from security vulnerabilities and exploits in the 10 most critical systems of the covered entities 11 b MEMBERSHIP —The working group established 12 under subsection a shall be composed of not fewer than 13 10 members to be appointed by the Secretary at least 14 1 member of which shall represent each of the following 15 1 The Department of Energy 16 2 The energy industry including electric utili- 17 ties and manufacturers recommended by the Energy 18 Sector coordinating councils 19 20 21 22 23 24 25 3 A The Department of Homeland Security or B the Industrial Control Systems Cyber Emergency Response Team 4 The North American Electric Reliability Corporation 5 The Nuclear Regulatory Commission FLO16626 S L C 5 1 2 6 A The Office of the Director of National Intelligence or 3 B the intelligence community as defined in 4 section 3 of the National Security Act of 1947 50 5 U S C 3003 6 7 A The Department of Defense or 7 B the Assistant Secretary of Defense for 8 Homeland Security and America’s Security Affairs 9 10 11 12 13 14 8 A State or regional energy agency 9 A national research body or academic institution 10 The National Laboratories SEC 5 REPORT Not later than 2 years after the date on which funds 15 are first disbursed under the Program the Secretary shall 16 submit to the appropriate committees of Congress a final 17 report that— 18 1 describes the results of the Program 19 2 includes an analysis of the feasibility of 20 each method studied under the Program and 21 3 describes the results of the evaluations con- 22 ducted by the working group established under sec- 23 tion 4 a FLO16626 S L C 6 1 2 SEC 6 NO NEW REGULATORY AUTHORITY Nothing in this Act authorizes the Secretary or the 3 head of any other Federal agency to issue new regulations 4 5 SEC 7 EXEMPTION FROM DISCLOSURE Information shared by or with the Federal Govern- 6 ment or a State tribal or local government under this 7 Act shall be— 8 9 1 deemed to be voluntarily shared information and 10 2 exempt from disclosure under any provision 11 of Federal State tribal or local freedom of infor- 12 mation law open government law open meetings 13 law open records law sunshine law or similar law 14 requiring the disclosure of information or records 15 16 SEC 8 PROTECTION FROM LIABILITY a IN GENERAL —A cause of action against a cov- 17 ered entity for engaging in the voluntary activities author18 ized under section 3— 19 20 21 1 shall not lie or be maintained in any court and 2 shall be promptly dismissed by the applica- 22 ble court 23 b VOLUNTARY ACTIVITIES —Nothing in this Act 24 subjects any covered entity to liability for not engaging 25 in the voluntary activities authorized under section 3 FLO16626 S L C 7 1 2 SEC 9 AUTHORIZATION OF APPROPRIATIONS a PILOT PROGRAM —There is authorized to be ap- 3 propriated $10 000 000 to carry out section 3 4 b WORKING GROUP AND REPORT —There is au- 5 thorized to be appropriated $1 500 000 to carry out sec6 tions 4 and 5 7 c AVAILABILITY —Amounts made available under 8 subsections a and b shall remain available until ex9 pended