Energy Cybersecurity Act of 2019

Energy Cybersecurity Act of 2019

This bill directs the Department of Energy (DOE) to develop advanced cybersecurity applications and technologies for the energy sector.

DOE shall

• advance the security of field devices and third-party control systems;
• leverage electric grid architecture as a means to assess risks to the energy sector, including by implementing an all-hazards approach to communications infrastructure, control systems architecture, and power systems architecture;
• perform pilot demonstration projects with the energy sector to gain experience with new technologies; and
• develop workforce development curricula for energy sector-related cybersecurity.

DOE may also implement within the energy sector cybertesting and cyberresilience programs that target

• DOE emergency response capabilities,
• cooperation with the intelligence communities for energy sector-related threat collection and analysis,
• enhancing the tools of DOE and the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) for monitoring the status of the energy sector,
• expanding industry participation in ES-ISAC, and
• technical assistance to small electric utilities to assess cybermaturity posture.

DOE must develop an advanced energy security program that secures diverse energy networks in order to increase the functional preservation of the electric grid operations or natural gas and oil operations in the face of natural and human-made threats and hazards, including electric magnetic pulse and geomagnetic disturbances.

DOE shall study alternative management structures and funding mechanisms to expand industry membership and participation in ES-ISAC.