LegisTrack
Back to all bills
S 1902119th CongressIntroduced

ETAP Act of 2025

Introduced: May 22, 2025
Defense & National SecurityInfrastructureTechnology & Innovation
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

The Energy Threat Analysis Program Act of 2025 (ETAP Act) would require the Secretary of Energy to create a formal Energy Threat Analysis Program (ETAP) within the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), with input from the Office of Intelligence and Counterintelligence. The program would establish an Energy Threat Analysis Center (and other facilities as needed) to improve the energy sector’s situational awareness, threat analysis, and resilience. It would promote public-private collaboration on threat information sharing, identify security mitigations for energy systems, support response and restoration activities, inform related research and development, and expand coordination with the intelligence community and industry through the Electricity Information Sharing and Analysis Center (E-ISAC). The bill also sets up interagency coordination with DHS, DoD, DOJ, ODNI, and others, requires regular consultation with non-federal partners (states, tribes, industry, etc.), and directs annual reporting to Congress. It authorizes $50 million for 2025–2029 and provides for a 10-year term termination of the program, along with strong information-sharing protections and limitations on participation by certain entities.

Key Points

  • 1Establishes the Energy Threat Analysis Program (ETAP) within CESER, including an Energy Threat Analysis Center as a physical location, to boost energy sector threat awareness and resilience.
  • 2Aims to: (a) analyze threats to energy security, (b) develop actionable mitigation guidance, (c) support energy sector response and restoration, and (d) inform energy-related R&D and security efforts; also to expand collaboration with E-ISAC and other industry partners.
  • 3Requires coordinated, cross-agency operations with DHS (including CISA), DoD (including USCYBERCOM, NSA, Army National Guard education center), DOJ (FBI), ODNI, and other federal entities; aligns with DHS/DOD cybersecurity activities (e.g., Joint Cyber Defense Collaborative, NSA’s Enduring Security Framework).
  • 4Emphasizes public-private collaboration and information sharing, including secure exchanges of threat activity and incidents in both physical and virtual settings; requires consultation with non-federal stakeholders (states, tribes, territorial entities, ISACs, manufacturers, vendors, etc.).
  • 5Allows leveraging existing capabilities (National Laboratories, commercial threat intel, energy vendors) and commits to protecting sensitive information in accordance with laws and procedures.
  • 6Prohibits participation by entities of concern; clarifies no right to federal assistance or information is created; information shared is treated as voluntarily shared and exempt from public disclosure.
  • 7Provides for a 10-year term and an annual congressional report on program achievements and improvements; authorizes $50 million in appropriations for 2025–2029.

Impact Areas

Primary group/area affected: U.S. energy sector (electric utilities, gas/oil infrastructure, energy system operators, vendors, manufacturers) and the federal agencies involved in energy security and cyber defense.Secondary group/area affected: federal intelligence and law enforcement community; state, local, and tribal governments; information sharing and analysis organizations (ISACs, including E-ISAC); energy sector private sector partners.Additional impacts: improved national energy security resilience through better threat intel, faster incident response, and enhanced public-private coordination; potential limitations on information disclosure and ongoing concerns about transparency due to FOIA/NDA protections; a finite 10-year timeline with a dedicated funding envelope that may influence long-term planning and transition; potential administrative burden on private entities to coordinate with the new program, though designed to leverage existing industry channels.ETAP: Energy Threat Analysis Program, the proposed DOE initiative.Energy Threat Analysis Center: a dedicated physical facility to support the program.E-ISAC: Electricity Information Sharing and Analysis Center, a key industry information-sharing platform.“Entities of Concern”: a defined category (referenced from another law) that would be barred from participating in the program.FACA exemption: the program would not be subject to formal federal advisory committee act requirements, affecting oversight and public process.
Generated by gpt-5-nano on Oct 3, 2025