PROTECT the Grid Act
- Bill Number
- S. 2593
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 1
- Policy Area
- Energy
- Status
- Introduced
- Latest Action
- 2025-07-31: Read twice and referred to the Committee on Banking, Housing, and Urban Affairs.
- Last Updated
- 2026-02-18T16:07:13Z
AI-Generated Summary
Purpose
The PROTECT the Grid Act aims to protect the U.S. electric grid from potential cyber threats posed by high-wattage Internet-connected devices (like smart appliances) controlled by foreign adversaries. It directs the Secretary of Commerce to assess these risks and recommend safeguards, while reinforcing existing national security measures against foreign manipulation of power demand.
Key Provisions
- Findings and Purposes: The bill outlines congressional concerns about the growing number of Internet of Things (IoT) devices in homes, such as electric vehicle chargers and smart air conditioners, which could be remotely manipulated by foreign entities (especially from China) to disrupt the grid through coordinated power surges or blackouts. Its goals include strengthening the supply chain for information and communications technology (ICT) and ensuring household appliances do not enable foreign interference.
- Definitions:
- High-wattage IoT device: Any Internet-connected appliance or device using over 500 watts of power, for home or business use.
- Foreign adversary: Countries like China, Russia, Iran, North Korea, or Venezuela under Nicolás Maduro.
- Foreign adversary-controlled application: Software or apps (e.g., mobile apps for smart devices) operated by entities influenced by these adversaries.
- Other terms include "covered entity" (entities under foreign adversary control), "critical infrastructure" (essential systems like the power grid), and "relevant federal official" (leaders from agencies involved in cybersecurity).
- Report Requirement: Within 270 days of enactment, the Secretary of Commerce must submit a report to key congressional committees (Senate Commerce, Science, and Transportation; House Energy and Commerce). The report assesses:
- Deployment of high-wattage IoT devices across the U.S.
- Risks from foreign-controlled apps destabilizing the grid (e.g., causing frequency imbalances or cascading failures).
- National security impacts, including potential blackouts.
- Input from industry, consumers, and experts.
The report must include recommendations, such as:
- Applying Executive Order 13873 (on securing ICT supply chains) to restrict transactions involving foreign-controlled apps in IoT devices.
- Banning federal procurement of products with such apps.
- Requiring certifications or labels for secure IoT devices.
- Other measures deemed necessary.
- Codification of Executive Order 13873: The bill makes the 2019 Executive Order on securing the ICT supply chain permanent law, preventing future revocation by executive action. The order's text will be appended to the published statute.
Significant Changes to Existing Law
- Codifies Executive Order 13873, transforming it from a temporary executive policy into statutory law, which gives it stronger legal force and requires congressional action to alter.
- Introduces specific focus on IoT devices and grid vulnerabilities, building on but not directly amending prior laws like the Consumer Product Safety Act or Critical Infrastructures Protection Act.
- No immediate bans or regulations are imposed; changes are prospective based on the forthcoming report's recommendations.
Potential Impacts
- Government Agencies: The Department of Commerce gains a lead role in coordinating cybersecurity assessments with agencies like the Departments of Defense, Energy, and Homeland Security. This could increase interagency collaboration and federal oversight of consumer tech imports.
- Citizens: May lead to safer smart home devices but could raise costs for appliances if new certifications or restrictions apply. Enhanced grid security reduces blackout risks, protecting public safety and the economy from disruptions.
- International Relations: Targets adversaries like China (noted for controlling over 25% of U.S. major appliances), potentially straining trade ties and escalating tech decoupling. It signals U.S. commitment to countering foreign cyber threats without direct sanctions.
Main Stakeholders Affected
- U.S. Government: Departments of Commerce, Energy, and Defense; congressional committees; federal procurement offices.
- Consumers and Households: Owners of smart appliances, who may face device labeling or replacement requirements.
- Industry: Domestic and foreign appliance manufacturers (e.g., those from China); IoT software developers; importers and retailers of consumer products.
- Utilities and Grid Operators: Electric companies benefiting from reduced cyber risks but potentially needing to adapt to new device standards.
- Foreign Entities: Companies under adversary control, facing scrutiny on data access and device deployment in the U.S.
Notable Legal, Constitutional, or Political Implications
- Legal: Strengthens national security authority over consumer tech without infringing on free speech or commerce rights, as it focuses on foreign threats. The report's recommendations could lead to regulations under existing frameworks like the International Emergency Economic Powers Act.
- Constitutional: Aligns with Congress's commerce and defense powers; codifying the executive order reduces reliance on presidential discretion, promoting stability.
- Political: Highlights bipartisan concerns over Chinese influence in critical infrastructure, potentially influencing broader U.S.-China tech policies. It emphasizes academic research on "MaDIoT" (manipulation of demand via IoT) attacks, framing grid security as a non-partisan priority amid rising cyber tensions.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Recent Actions
- 2025-07-31: Read twice and referred to the Committee on Banking, Housing, and Urban Affairs.
- 2025-07-31: Introduced in Senate
Bill Versions
- Preventing Remote Operations by Threatening Entities on Critical Technology for the Grid Act — issued 2025-07-31 — PDF (11 pages)