Sec. 4. Electricity sector cybersecurity research, development, and demonstration program
635 words·~3 min read·
/bill/115/hr/4120/ih/section-4A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Secretary, in coordination with appropriate Federal agencies, the Electricity Subsector Coordinating Council, State, tribal, local, and territorial governments, private sector vendors, and other relevant stakeholders, shall carry out a research, development, and demonstration initiative to harden and mitigate the electric grid from the consequences of cyber attacks by increasing the cybersecurity capabilities of the electricity sector and accelerating the development of cybersecurity technologies and tools.
As part of the initiative described in subsection (a), the Secretary shall carry out activities to— identify cybersecurity risks to the communication and control systems within, and impacting, the electricity sector; develop methods and tools to rapidly detect cyber intruders and cyber incidents, including the use of data analytics techniques to validate and verify system behavior using multiple data streams reflecting the state of the system; assess emerging energy technology cybersecurity capabilities, and integrate cybersecurity features and protocols into the design, development, and deployment of emerging technologies, including renewable energy technologies; develop secure industrial control system protocols and identify vulnerabilities in existing protocols; work with manufacturers to build or retrofit security features and protocols into— communication and network systems and management processes; industrial control and energy management system devices, components, software, firmware, and hardware, including distributed control and management systems and building management systems; data storage systems and data management and analysis processes; generation, transmission, distribution, and energy storage technologies; automated and manually controlled devices and equipment for monitoring or managing frequency, voltage, and current; technologies used to synchronize time and develop guidance for operational contingency plans when time synchronization technologies are compromised; end user elements that connect to the grid, including— meters, synchrophasors, and other sensors; distribution automation technologies, smart inverters, and other grid control technologies; distributed generation and energy storage technologies; demand response technologies; home and building energy control systems; electric and plug-in hybrid vehicles; and other relevant devices, software, firmware, hardware, and distributed energy technologies; and the supply chain of electric grid management system components; improve the physical security of communication technologies and industrial control systems, including remote assets; integrate human factors research into the design and development of advanced tools and processes for dynamic monitoring, detection, protection, mitigation, and response; advance the capabilities and use of relevant interdisciplinary mathematical and computer simulation modeling and analysis methods; evaluate and understand the potential consequences of practices used to maintain the cybersecurity of information technology systems on the cybersecurity of industrial control systems; increase access to and the capabilities of existing cybersecurity test beds to simulate impacts of cyber attacks on industrial control system devices, components, software, and hardware; and reduce the cost of implementing effective cybersecurity technologies and tools in the electricity sector.
The National Science Foundation shall— support fundamental research to advance cybersecurity applications, technologies, and tools for industrial control systems, including incorporating interdisciplinary research in— evolutionary systems, theories, mathematics, and models; economic and financial theories, mathematics, and models; and big data analytical methods, mathematics, computer coding, and algorithms; and support education and training for the industrial control system cybersecurity workforce, including through the Advanced Technological Education program, graduate research fellowships, and other appropriate programs.
The Science and Technology Directorate of the Department of Homeland Security, in collaboration with the Department of Energy, experts in the private sector with the necessary clearances, and other relevant stakeholders, shall assess existing cybersecurity technologies and tools used in the defense industry and— identify technologies and tools that could be applied to meeting evolving civilian energy sector cybersecurity needs; develop a research strategy that incorporates human factors research findings to guide the modification of defense industry cybersecurity tools for use in the civilian sector; develop a strategy to accelerate efforts to bring modified defense industry cybersecurity tools to the civilian market; and carry out other activities the Secretary of Homeland Security considers appropriate to meet the goals of this subsection.