S 1400 Introduced - PROTECT Act of 2021
Back in March, Sen Murkowski (R,AK) introduced S 1400, the Protecting Resources on The Electric grid with Cybersecurity Technology (PROTECT) Act of 2021. The bill would provide energy cybersecurity investment incentives and establish a grant and technical assistance program for cybersecurity investments. The language is virtually identical to S 2556 that was introduced in the 116th Congress and reported in the Senate.
Definitions
The bill includes definitions of two new terms; these are included in the new §219A being added to the Federal Power Act by §2 of the bill. Those terms, with definitions, are:
Advanced Cybersecurity Technology – any technology, operational capability, or service, including computer hardware, software, or a related asset, that enhances the security posture of public utilities through improvements in the ability to protect against, detect, respond to, or recover from a cybersecurity threat (as defined in 6 USC 1501).
ADVANCED CYBERSECURITY TECHNOLOGY INFORMATION – information relating to advanced cybersecurity technology or proposed advanced cybersecurity technology that is generated by or provided to the Commission or another Federal agency.
Investment Incentives
The new §219A(b) would require the Federal Energy Regulatory Commission (FERC) to “conduct a study to identify incentive-based, including performance-based, rate treatments for the transmission of electric energy subject to the jurisdiction of the Commission that could be used to encourage”:
Investment by public utilities in advanced cybersecurity technology; and
Participation by public utilities in cybersecurity threat information sharing programs.
One year after the study described above was completed, subsection (c) would require FERC to establish a rule providing for “incentive-based, including performance-based, rate treatments for the transmission of electric energy in interstate commerce by public utilities for the purpose of benefitting consumers by encouraging” the same investments and participation describe above.
Section 219A(d) would allow FERC to also include in that rulemaking additional incentives for:
Defense critical electric infrastructure {as defined in 16 USC 824o-1(a)} and other facilities subject to the jurisdiction of the Commission that are critical to public safety, national defense, or homeland security, as determined by the Commission; and
Facilities of small- or medium-sized public utilities with limited cybersecurity resources, as determined by the Commission.
Additionally, §219A(g) would provide protection against disclosure of advanced “cybersecurity technology information that is provided to, generated by, or collected by the Federal Government under subsection (b), (c), or (f)” by considering the information to be critical electric infrastructure information (CEII) under §824o-1.
Cybersecurity Grant Program
Section 3 of the bill would require the DOE to establish the Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program to “to provide grants and technical assistance to, and enter into cooperative agreements with, eligible entities to protect against, detect, respond to, and recover from cybersecurity threats”. The following types of entities would be eligible to apply for such grants or assistance:
A rural electric cooperative,
A utility owned by a political subdivision of a State, such as a municipally owned electric utility,
A utility owned by any agency, authority, corporation, or instrumentality of one or more political subdivisions of a State,
A not-for-profit entity that is in a partnership with not fewer than 6 entities described above, and
An investor-owned electric utility that sells less than 4,000,000 megawatt hours of electricity per year.
DOE would be required to prioritize grants and technical assistance by giving priority to an eligible entity that, as determined by the Secretary:
Has limited cybersecurity resources,
Owns assets critical to the reliability of the bulk power system, or
Owns defense critical electric infrastructure (as defined in §824o–1(a).
The bill would authorize $50 million per year for the next four years for this grant/assistance program.
Finally, information provided to FERC or collected by FERC under this program would be protected from public disclosure, but would not specifically be considered CEII.
Moving Forward
Murkowski and three of her cosponsors {Sen Manchin (D,WV), Risch (R,ID), and King (I,ME)} are all members of the Senate Energy and Natural Resources Committee to which this bill was assigned for consideration. Between them (especially considering that Manchin is the Committee Chair) they certainly have enough influence to see the bill considered in Committee. I expect that this bill (as did S 2556 last session) would receive strong bipartisan support in Committee and ultimately in the Senate.
As is usually the problem for any bill in the Senate, there are only two ways that bills get to the floor for consideration. The easiest is under the Senate’s unanimous consent process, but a single Senator can stop such consideration and the opposition need not have anything to do with the merits of the bill being offered under the process. The other way is under the normal process of debate and amendment, but that takes up a large amount of the Senate’s time. Unfortunately, this bill is not important enough to be considered under the normal process. There may be enough support for the unanimous consent process to work, but that is iffy.
I was really surprised that Murkowski did not offer the language in this bill as an amendment to S 1260, the Endless Frontier Act, which is ‘currently’ under consideration in the Senate. Attaching this bill as an amendment to a high-profile bill like S 1260 would appear to be an easier way to move the language to the President’s desk than trying to wait out either of the other two stand-alone processes.