Title 42, The Public Health and Welfare (Release 119-73)

§18721 Enhancing grid security through public-private partnerships

Title 42 › Chapter 162 - ENERGY INFRASTRUCTURE › Subchapter I - GRID INFRASTRUCTURE AND RESILIENCY › Part B - Cybersecurity › § 18721

Last updated Apr 6, 2026

Summary

The Secretary of Energy must run a program, working with the Secretary of Homeland Security and consulting other federal agencies, state regulators, industry groups, and the Electric Reliability Organization, to help electric utilities strengthen physical and cyber security. Key terms: Bulk-power system — the large grid that serves many users; Electric Reliability Organization — the group that sets and enforces grid reliability rules; Electric utility — a company that provides electricity; State regulatory authority — the state agency that oversees utilities. The program must create voluntary maturity models, self-checks, and audit methods; help with threat assessments and cybersecurity training; give technical help; train utilities on supply-chain cyber risks; work with utilities to improve cybersecurity of third-party grid vendors; share best practices and data; and, for utilities that serve defense-critical infrastructure, do full engineering reviews to find cyber attack paths and put in protections so critical functions keep working even if attackers get inside. The Secretary must consider utility size and region, give priority to smaller or resource-limited utilities, and use existing Department of Energy, Homeland Security, and other federal programs when possible. Not later than 1 year after November 15, 2021, the Secretary, with DHS and others, must give Congress a report on priorities and actions to protect electricity distribution (including behind-the-meter generation, storage, and load management), plus cost–benefit estimates and public–private cost-sharing options. Information that the Secretary reasonably believes could harm the security of a utility or the bulk-power system must be exempt from disclosure under section 552(b)(3) of title 5 and must not be released under any federal, state, local, or Tribal public-record law.

Full Legal Text

Title 42, §18721

The Public Health and Welfare — Source: USLM XML via OLRC

(a) In this section:
(1) The terms “bulk-power system” and “Electric Reliability Organization” has the meaning given the terms in section 824o(a) of title 16.
(2) The terms “electric utility” and “State regulatory authority” have the meanings given the terms in section 796 of title 16.
(b)(1) The Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other relevant Federal agencies, State regulatory authorities, industry stakeholders, and the Electric Reliability Organization, shall carry out a program—
(A) to develop, and provide for voluntary implementation of, maturity models, self-assessments, and auditing methods for assessing the physical security and cybersecurity of electric utilities;
(B) to assist with threat assessment and cybersecurity training for electric utilities;
(C) to provide technical assistance for electric utilities subject to the program;
(D) to provide training to electric utilities to address and mitigate cybersecurity supply chain management risks;
(E) to advance, in partnership with electric utilities, the cybersecurity of third-party vendors that manufacture components of the electric grid;
(F) to increase opportunities for sharing best practices and data collection within the electric sector; and
(G) to assist, in the case of electric utilities that own defense critical electric infrastructure (as defined in section 824o–1(a) of title 16), with full engineering reviews of critical functions and operations at both the utility and defense infrastructure levels—
(i) to identify unprotected avenues for cyber-enabled sabotage that would have catastrophic effects to national security; and
(ii) to recommend and implement engineering protections to ensure continued operations of identified critical functions even in the face of constant cyber attacks and achieved perimeter access by sophisticated adversaries.
(2) In carrying out the program under paragraph (1), the Secretary shall—
(A) take into consideration—
(i) the different sizes of electric utilities; and
(ii) the regions that electric utilities serve;
(B) prioritize electric utilities with fewer available resources due to size or region; and
(C) to the maximum extent practicable, use and leverage—
(i) existing Department and Department of Homeland Security programs; and
(ii) existing programs of the Federal agencies determined to be appropriate under paragraph (1).
(c) Not later than 1 year after November 15, 2021, the Secretary, in coordination with the Secretary of Homeland Security and in consultation with, as the Secretary determines to be appropriate, the heads of other Federal agencies, State regulatory authorities, and industry stakeholders, shall submit to Congress a report that assesses—
(1) priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems, including behind-the-meter generation, storage, and load management devices, to address threats to, and vulnerabilities of, electricity distribution systems; and
(2) the implementation of the priorities, policies, procedures, and actions assessed under paragraph (1), including—
(A) an estimate of potential costs and benefits of the implementation; and
(B) an assessment of any public-private cost-sharing opportunities.
(d) Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any electric utility or the bulk-power system—
(1) shall be exempt from disclosure under section 552(b)(3) of title 5; and
(2) shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.

Statutory Notes and Related Subsidiaries

Wage Rate Requirements

For provisions relating to rates of wages to be paid to laborers and mechanics on projects for construction, alteration, or repair work funded under div. D or an amendment by div. D of Pub. L. 117–58, including authority of Secretary of Labor, see section 18851 of this title.

Reference

Citations & Metadata

Citation

42 U.S.C. § 18721
