PRIA Logo
Take the PRIA Score
Title 42The Public Health and WelfareRelease 119-73

§18722 Energy cyber sense program

Title 42 › Chapter CHAPTER 162— - ENERGY INFRASTRUCTURE › Subchapter SUBCHAPTER I— - GRID INFRASTRUCTURE AND RESILIENCY › Part Part B— - Cybersecurity › § 18722

Last updated Apr 6, 2026|Official source

Summary

The Secretary must create a voluntary Energy Cyber Sense program, working with the Secretary of Homeland Security and consulting other federal agency heads, to test the cybersecurity of products and technologies used in the energy sector, including the bulk-power system (as defined in section 824o(a) of title 16). The law defines two terms: "bulk-power system" — see section 824o(a) of title 16 for its meaning, and "program" — the voluntary Energy Cyber Sense program. Under the program, the Secretary will set up testing for energy products (including industrial control and SCADA systems); run a vulnerability reporting process and database tied to federal coordination; give technical help to utilities and manufacturers; review tested products every two years and report on defenses; make guidance for buying products; give public notice and take comments before changing testing; oversee testing; consider incentives to use test results; and protect collected information from public release (exempt under section 552(b)(3) of title 5 and not subject to federal, State, or Tribal public-disclosure laws). The law does not allow suing the United States over program testing.

Full Legal Text

Title 42, §18722

The Public Health and Welfare — Source: USLM XML via OLRC

(a)In this section:
(1)The term “bulk-power system” has the meaning given the term in section 824o(a) of title 16.
(2)The term “program” means the voluntary Energy Cyber Sense program established under subsection (b).
(b)The Secretary, in coordination with the Secretary of Homeland Security and in consultation with the heads of other relevant Federal agencies, shall establish a voluntary Energy Cyber Sense program to test the cybersecurity of products and technologies intended for use in the energy sector, including in the bulk-power system.
(c)In carrying out subsection (b), the Secretary, in coordination with the Secretary of Homeland Security and in consultation with the heads of other relevant Federal agencies, shall—
(1)establish a testing process under the program to test the cybersecurity of products and technologies intended for use in the energy sector, including products relating to industrial control systems and operational technologies, such as supervisory control and data acquisition systems;
(2)for products and technologies tested under the program, establish and maintain cybersecurity vulnerability reporting processes and a related database that are integrated with Federal vulnerability coordination processes;
(3)provide technical assistance to electric utilities, product manufacturers, and other energy sector stakeholders to develop solutions to mitigate identified cybersecurity vulnerabilities in products and technologies tested under the program;
(4)biennially review products and technologies tested under the program for cybersecurity vulnerabilities and provide analysis with respect to how those products and technologies respond to and mitigate cyber threats;
(5)develop guidance that is informed by analysis and testing results under the program for electric utilities and other components of the energy sector for the procurement of products and technologies;
(6)provide reasonable notice to, and solicit comments from, the public prior to establishing or revising the testing process under the program;
(7)oversee the testing of products and technologies under the program; and
(8)consider incentives to encourage the use of analysis and results of testing under the program in the design of products and technologies for use in the energy sector.
(d)Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any component of the energy sector, including any electric utility or the bulk-power system—
(1)shall be exempt from disclosure under section 552(b)(3) of title 5; and
(2)shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.
(e)Nothing in this section authorizes the commencement of an action against the United States with respect to the testing of a product or technology under the program.

Legislative History

Notes & Related Subsidiaries

Statutory Notes and Related Subsidiaries

Wage Rate RequirementsFor provisions relating to rates of wages to be paid to laborers and mechanics on projects for

Construction

, alteration, or repair work funded under div. D or an amendment by div. D of Pub. L. 117–58, including authority of Secretary of Labor, see section 18851 of this title.

Reference

Citations & Metadata

Citation

42 U.S.C. § 18722

Title 42The Public Health and Welfare

Last Updated

Apr 6, 2026

Release point: 119-73