The Congressional Budget Office (CBO) reported on Oct. 31 that the Energy Cybersecurity Act of 2019 would cost $832 million to implement over the next 10 years, with $355 million of that spent during the first five years.
Sens. Maria Cantwell, D-Wash., and Martin Heinrich, D-N.M., both members of the Senate Committee on Energy & Natural Resources, introduced the legislation on July 31, 2019, and the committee approved the measure on Sept. 25. If signed into law, the bill would create several new programs within the Department of Energy (DoE) to “identify, enhance, and test supply chain vulnerabilities and response capabilities between the DoE and other agencies, national labs, and private industry.”
In its report, CBO noted the legislation currently authorizes the appropriation of $100 million a year to implement and manage the new programs and initiatives within DoE, including a cybertesting and mitigation program and operational support and risk assessment programs. However in its estimate, CBO said that the bill would only cost $355 million to implement over the 2020-2024 period and, $832 million for the 2020-2029 period – coming in under budget over the ten-year period. CBO said it based its estimate on historical similar patterns for analogous activities.
Cantwell’s office said the goal of the bill is to “secure energy networks, bolster industry participation in information sharing, address the cyber workforce, enhance monitoring tools, and expand DoE’s cooperation with the intelligence community.”