(a) DefinitionsIn this section:
(1) Bulk-power system; Electric Reliability Organization
The terms “bulk-power system” and “Electric Reliability Organization” has the meaning given the terms in section 824o(a) of title 16.
(2) Electric utility; State regulatory authority
The terms “electric utility” and “State regulatory authority” have the meanings given the terms in section 796 of title 16.
(b) Program to promote and advance physical security and cybersecurity of electric utilities
(1) EstablishmentThe Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other relevant Federal agencies, State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, shall carry out a program—
(A)
to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;
(D)
to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;
(E)
to advance, in partnership with electric utilities, the cybersecurity of third-party vendors that manufacture components of the electric grid;
(F)
to increase opportunities for sharing best practices and data collection within the electric sector; and
(G) to assist, in the case of electric utilities that own defense critical electric infrastructure (as defined in section 824o–1(a) of title 16), with full engineering reviews of critical functions and operations at both the utility and defense infrastructure levels—
(2) ScopeIn carrying out the program under paragraph (1), the Secretary shall—
(c) Report on cybersecurity of distribution systemsNot later than 1 year after November 15, 2021, the Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other Federal agencies, State regulatory authorities, and industry stakeholders, shall submit to Congress a report that assesses—
(1)
priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems, including behind-the-meter generation, storage, and load management devices, to address threats to, and vulnerabilities of, electricity distribution systems; and
(d) Protection of informationInformation provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any electric utility or the bulk-power system—