{
  "id": "R44939",
  "type": "CRS Report",
  "typeId": "REPORTS",
  "number": "R44939",
  "active": true,
  "source": "EveryCRSReport.com",
  "versions": [
    {
      "source": "EveryCRSReport.com",
      "id": 586097,
      "date": "2017-08-28",
      "retrieved": "2020-01-02T14:10:00.004918",
      "title": "Cybersecurity for Energy Delivery Systems: DOE Programs",
      "summary": "While physical threats to the U.S. power grid and pipelines have long worried policymakers, cyber threats to the computer systems that operate this critical infrastructure are an increasing concern. Cybersecurity risks against the power and pipeline sectors are similar, as both use similar control systems, and there appears to be a broad consensus that cyber threats to this infrastructure are on the rise. Furthermore, with ever-greater physical interdependency between electricity generators and the natural gas pipelines that supply their fuel, many in Congress recognize that grid and pipeline cybersecurity are intertwined. In 2015, the Fixing America\u2019s Surface Transportation Act (the FAST Act) provided the Secretary of Energy with new authority to protect or restore the power grid during a grid security emergency, including a cyber incident. Congress is considering additional legislation to fund and expand the Department of Energy\u2019s cybersecurity programs.\nThe Department of Energy (DOE) is the lead agency for the protection of electric power, oil, and natural gas infrastructure\u2014cooperating with the Department of Homeland Security, the lead agency for pipelines. DOE\u2019s cybersecurity activities are led by its Office of Electricity Delivery and Energy Reliability (OE) and structured around three areas: (1) cybersecurity preparedness, (2) cyber incident response and recovery, and (3) research, development, and demonstration. Although nominally applicable to energy delivery systems across the electric power, oil and natural gas, and pipeline sectors, OE\u2019s cybersecurity activities to date appear to have been focused primarily on the grid. Publicly available examples of DOE-supported activities specifically focused on pipeline cybersecurity are limited. Rather, pipeline cybersecurity efforts appear to be included as part of broader national cybersecurity efforts.\nSeveral bills potentially affecting DOE\u2019s cybersecurity activities for power grid and pipeline infrastructure have been introduced in the 115th Congress. These include the Defense, Military Construction, Veterans Affairs, Legislative Branch, and Energy and Water Development National Security Appropriations Act, 2018 (H.R. 3219) and the Energy and Water Development and Related Agencies Appropriations Act, 2018 (S. 1609), both of which would modestly increase funding for OE in FY2018. The Energy and Natural Resources Act of 2017 (S. 1460) would establish and fund a DOE program for energy sector cybersecurity research, development, and demonstration (RD&D) to be carried out for advanced applications to identify and mitigate cyber vulnerabilities. The Enhancing State Energy Security Planning and Emergency Preparedness Act of 2017 (H.R. 3050) would authorize DOE to provide financial and technical assistance to states for assessing cybersecurity threats to energy infrastructure.\nAs federal cybersecurity oversight and legislative debate continue, Congress may focus on several key issues. Given the ever-changing cybersecurity environment in the energy sector, Congress may continue to examine OE\u2019s cybersecurity resources to ensure that they are adequate and being deployed appropriately to address the most important energy delivery risks. Congress may also seek a more-informed basis for considering whether to adjust the provisions of the FAST Act or clarify the authorizations it contains. How OE\u2019s programs and expertise could best be used to inform analysis of electric power and natural gas infrastructure interdependency from a cybersecurity perspective may also be of interest to Congress. Finally, Congress may examine how OE\u2019s cybersecurity activities fit in, and coordinate with, the other various roles in energy cybersecurity for electricity, oil and natural gas pipelines. In particular, Congress may examine how OE\u2019s RD&D programs and work with the National Labs in electric power sector cybersecurity supports federal and private sector efforts in pipeline cybersecurity.",
      "type": "CRS Report",
      "typeId": "REPORTS",
      "active": true,
      "formats": [
        {
          "format": "HTML",
          "encoding": "utf-8",
          "url": "https://www.crs.gov/Reports/R44939",
          "sha1": "41d293f2985a1c74566cff989b3aa4b7e5672da5",
          "filename": "files/20170828_R44939_41d293f2985a1c74566cff989b3aa4b7e5672da5.html",
          "images": {}
        },
        {
          "format": "PDF",
          "encoding": null,
          "url": "https://www.crs.gov/Reports/pdf/R44939",
          "sha1": "ba785f8f826fd1bf71df26b7f6926068ce380f44",
          "filename": "files/20170828_R44939_ba785f8f826fd1bf71df26b7f6926068ce380f44.pdf",
          "images": {}
        }
      ],
      "topics": [
        {
          "source": "IBCList",
          "id": 4820,
          "name": "Cybersecurity"
        },
        {
          "source": "IBCList",
          "id": 4840,
          "name": "Electricity"
        },
        {
          "source": "IBCList",
          "id": 4907,
          "name": "Energy Policy"
        }
      ]
    }
  ],
  "topics": [
    "Appropriations",
    "Energy Policy"
  ]
}