§ 18722. Energy cyber sense program
(a) Definitions
In this section:
(1) Bulk-power system
(2) Program
(b) Establishment
(c) Program requirements
In carrying out subsection (b), the Secretary, in coordination with the Secretary of Homeland Security and in consultation with the heads of other relevant Federal agencies, shall—
(1) establish a testing process under the program to test the cybersecurity of products and technologies intended for use in the energy sector, including products relating to industrial control systems and operational technologies, such as supervisory control and data acquisition systems;
(2) for products and technologies tested under the program, establish and maintain cybersecurity vulnerability reporting processes and a related database that are integrated with Federal vulnerability coordination processes;
(3) provide technical assistance to electric utilities, product manufacturers, and other energy sector stakeholders to develop solutions to mitigate identified cybersecurity vulnerabilities in products and technologies tested under the program;
(4) biennially review products and technologies tested under the program for cybersecurity vulnerabilities and provide analysis with respect to how those products and technologies respond to and mitigate cyber threats;
(5) develop guidance that is informed by analysis and testing results under the program for electric utilities and other components of the energy sector for the procurement of products and technologies;
(6) provide reasonable notice to, and solicit comments from, the public prior to establishing or revising the testing process under the program;
(7) oversee the testing of products and technologies under the program; and
(8) consider incentives to encourage the use of analysis and results of testing under the program in the design of products and technologies for use in the energy sector.
(d) Protection of information
Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any component of the energy sector, including any electric utility or the bulk-power system—
(1) shall be exempt from disclosure under section 552(b)(3) of title 5; and
(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.
(e) Federal Government liability
(Pub. L. 117–58, div. D, title I, § 40122, Nov. 15, 2021, 135 Stat. 950.)