H.R. 1160 would require the Department of Energy to issue regulations requiring owners, operators, and users of critical electric infrastructure to report cybersecurity incidents within 24 hours of discovery. Under the bill, critical electric infrastructure refers to systems or assets of the bulk-power system that are essential to preserving national security, economic security, or public health and safety. The bill also would require the department to report annually to the Congress on the number of incidents reported and on the department’s responses.
Using information about current reporting requirements, CBO estimates that the bill would slightly change the way such incidents are reported as well as the storage of incident notifications. CBO estimates that implementing H.R. 1160 would cost $1 million over the 2023-2028 period; any spending would be subject to the availability of appropriated funds.