PRIA Logo
Title 42The Public Health and WelfareRelease 119-73not60

§18722 Energy Cyber Sense Program

Title 42 › Chapter 162— ENERGY INFRASTRUCTURE › Subchapter I— GRID INFRASTRUCTURE AND RESILIENCY › Part B— Cybersecurity › § 18722

Last updated Apr 5, 2026|Official source

Summary

The Secretary of Energy must set up a voluntary Energy Cyber Sense program, working with the Secretary of Homeland Security and other federal agencies, to test the cybersecurity of products and technologies used in the energy sector, including those for the bulk-power system (as defined in 16 U.S.C. 824o(a)). bulk-power system — the term has the meaning given in 16 U.S.C. 824o(a). program — the voluntary Energy Cyber Sense program. The program must test products and technologies (including industrial control and operational tech like SCADA), keep a vulnerability reporting system and database tied to federal coordination, help utilities and manufacturers fix problems, review tested items every two years and report on how they handle cyber threats, make buying guidance, give public notice and seek comments before making or changing the testing process, run the tests, and consider incentives to encourage using test results in product design. Information that could harm physical security or cybersecurity must be exempt from disclosure under section 552(b)(3) of title 5 and must not be released under federal, state, or tribal public-record laws. The program does not allow suing the United States over testing done under it.

Full Legal Text

Title 42, §18722

The Public Health and Welfare — Source: USLM XML via OLRC

(a)In this section:
(1)The term “bulk-power system” has the meaning given the term in section 824o(a) of title 16.
(2)The term “program” means the voluntary Energy Cyber Sense program established under subsection (b).
(b)The Secretary, in coordination with the Secretary of Homeland Security and in consultation with the heads of other relevant Federal agencies, shall establish a voluntary Energy Cyber Sense program to test the cybersecurity of products and technologies intended for use in the energy sector, including in the bulk-power system.
(c)In carrying out subsection (b), the Secretary, in coordination with the Secretary of Homeland Security and in consultation with the heads of other relevant Federal agencies, shall—
(1)establish a testing process under the program to test the cybersecurity of products and technologies intended for use in the energy sector, including products relating to industrial control systems and operational technologies, such as supervisory control and data acquisition systems;
(2)for products and technologies tested under the program, establish and maintain cybersecurity vulnerability reporting processes and a related database that are integrated with Federal vulnerability coordination processes;
(3)provide technical assistance to electric utilities, product manufacturers, and other energy sector stakeholders to develop solutions to mitigate identified cybersecurity vulnerabilities in products and technologies tested under the program;
(4)biennially review products and technologies tested under the program for cybersecurity vulnerabilities and provide analysis with respect to how those products and technologies respond to and mitigate cyber threats;
(5)develop guidance that is informed by analysis and testing results under the program for electric utilities and other components of the energy sector for the procurement of products and technologies;
(6)provide reasonable notice to, and solicit comments from, the public prior to establishing or revising the testing process under the program;
(7)oversee the testing of products and technologies under the program; and
(8)consider incentives to encourage the use of analysis and results of testing under the program in the design of products and technologies for use in the energy sector.
(d)Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any component of the energy sector, including any electric utility or the bulk-power system—
(1)shall be exempt from disclosure under section 552(b)(3) of title 5; and
(2)shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.
(e)Nothing in this section authorizes the commencement of an action against the United States with respect to the testing of a product or technology under the program.

Legislative History

Notes & Related Subsidiaries

Statutory Notes and Related Subsidiaries

Wage Rate RequirementsFor provisions relating to rates of wages to be paid to laborers and mechanics on projects for

Construction

, alteration, or repair work funded under div. D or an amendment by div. D of Pub. L. 117–58, including authority of Secretary of Labor, see section 18851 of this title.

Reference

Citations & Metadata

Citation

42 U.S.C. § 18722

Title 42The Public Health and Welfare

Last Updated

Apr 5, 2026

Release point: 119-73not60