S. 2333 would direct the Department of Energy (DOE), in consultation with others, to establish a research, development, and demonstration program to develop advanced cybersecurity applications and technologies for the energy sector. The bill also would direct DOE to establish a cybertesting and mitigation program to identify vulnerabilities in the energy sector, and it directs DOE to establish other operational support and risk assessment programs to secure electric, natural gas, and oil transmission and delivery. The bill would authorize the appropriation of $100 million a year for those purposes.
Based on information from DOE and historical spending patterns for similar activities, CBO estimates that implementing S. 2333 would cost $355 million over the 2020-2024 period and $832 million for the 2020-2029 period, subject to appropriation of the authorized amounts.
The costs of the legislation (detailed in Table 1) fall within budget function 270 (energy).