HB7305 amends the Infrastructure Investment and Jobs Act to reauthorize and expand the Department of Energy’s Energy Sector Operational Support for Cyberresilience Program, including the creation of an Energy Threat Analysis Center that can operate at one or more locations. The bill enhances collaboration between government and the energy sector to analyze threats, share information (classified and unclassified), and provide actionable mitigations.
It also establishes guardrails around discretion, disclosure, and oversight, and extends the program’s timeline to 2027–2031. The net effect is a more formalized, intelligence-driven effort to defend critical energy infrastructure, with explicit limits on rights to benefits and heightened protections for shared information.
At a Glance
What It Does
The bill amends Section 40125(c) of the Infrastructure Investment and Jobs Act to expand and reauthorize the Energy Sector Operational Support for Cyberresilience Program and to establish an Energy Threat Analysis Center to carry out its activities. It codifies enhanced government–energy sector collaboration, information exchange (classified and unclassified), and threat analysis with the aim of mitigating operational impacts to energy systems.
Who It Affects
Critical energy infrastructure operators (e.g., electric utilities, transmission operators, pipelines), energy sector information-sharing bodies and private data providers participating in the program, and DOE/federal partners coordinating cyberthreat analysis and resilience efforts.
Why It Matters
This is a formal escalation of the nation’s energy-security posture, enabling centralized threat analysis and rapid mitigation guidance for the energy sector. It creates a dedicated center to house analytics and data-sharing capabilities while embedding necessary protections to keep sensitive information secure and non-public.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The Energy Threat Analysis Center Act of 2026 would reauthorize and expand the DOE program that supports the energy sector’s cyberresilience. The core change is the creation of an Energy Threat Analysis Center that can operate at one or more physical locations and carry out the program’s activities.
The Center would work with both government and private sector participants to analyze threats to energy systems, exchange information (classified and unclassified), and develop recommendations to mitigate risks and disruptions to energy infrastructure. These activities are designed to improve collective defense by sharing insights, threat indicators, and defensive techniques across the sector.
The bill makes clear that participation in and provision of information under the program is voluntary and at the sole discretion of the Secretary. It also states that no right or benefit is created by providing or receiving assistance or information, and it specifies that the program is not an advisory committee under FACA.
Information shared with the Federal Government or with State, Tribal, or local governments is deemed voluntarily shared and exempt from disclosure under FOIA and related state laws. Finally, the bill extends the program’s authorized period from 2022–2026 to 2027–2031, adjusting the timeline and data-management expectations for ongoing cyberthreat analysis and resilience work.Taken together, these changes formalize a centralized approach to energy-sector threat intelligence while preserving strict controls on disclosure, oversight, and the allocation of assistance.
The intention is to bolster resilience against cyber threats without creating new entitlements or reducing confidentiality protections for sensitive information.
The Five Things You Need to Know
The bill reauthorizes and expands the Energy Sector Operational Support for Cyberresilience Program under the Infrastructure Investment and Jobs Act.
It authorizes an Energy Threat Analysis Center that may be established at one or more physical locations to conduct program activities.
Assistance or information provided under the program is at the sole discretion of the Secretary and does not confer a right or benefit to any entity.
Information shared under the program is deemed voluntarily shared and exempt from disclosure under FOIA and related state laws; the program is not a FACA advisory committee.
The authorization window is moved from 2022–2026 to 2027–2031.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Expanded program authority and cross-sector collaboration
The amended text expands the existing IIJA program by redesignating and inserting new elements that strengthen collaboration between the government and the energy sector. It emphasizes threat analysis, mitigation recommendations, and the sharing of intelligence-driven data to support energy-system resilience. This sets the stage for a more integrated, ongoing defense posture across both public and private energy actors.
Energy Threat Analysis Center establishment
The bill creates the Energy Threat Analysis Center, which may be established at one or more physical locations and tasked with carrying out program activities. The Center is the operational hub for housing analytics, data sharing, alerts, and collaboration activities that enable intelligence-informed defense measures for energy infrastructure.
No right or benefit; discretionary assistance
The bill states that assistance or information provided under the program is at the sole and unreviewable discretion of the Secretary. It also clarifies that providing or receiving assistance does not create any legal right or benefit for any other entity. This preserves flexibility for the Secretary to prioritize resources and guard sensitive information.
Nonapplicability of FACA
The Center’s activities are not to be treated as an advisory committee under the Federal Advisory Committee Act. This reduces formal oversight requirements but does not remove any accountability mechanisms that remain appropriate for security-related work.
Disclosure exemptions for shared information
Information shared with the Federal Government or with State, Tribal, or local governments is deemed voluntarily shared and exempt from disclosure under FOIA and corresponding state laws. This protects sensitive threat information while enabling needed coordination for defense of energy systems.
Timeline extension for program authorization
The text updates the program’s timeframe from 2022–2026 to 2027–2031, aligning the operating horizon with longer-term cyber resilience planning and analytics development.
This bill is one of many.
Codify tracks hundreds of bills on Energy across all five countries.
Explore Energy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Electric utilities and major transmission operators gain access to centralized threat intelligence, analytics, and mitigation recommendations that can reduce incident impact and recovery time.
- Independent system operators (ISOs) and regional transmission organizations benefit from coordinated intelligence sharing and standardized threat indicators applicable to grid operations.
- Energy sector information-sharing bodies (ISACs) and private data providers can participate in structured data exchange, improving position in defense and risk management programs.
- DOE and federal agencies gain enhanced visibility into sector-level risks, enabling faster decision-making and resource allocation for national energy security.
- Energy sector cybersecurity professionals receive access to advanced analytics capabilities and threat information to inform hardening and incident response efforts.
Who Bears the Cost
- DOE and other federal agencies incur costs to establish and operate the Energy Threat Analysis Center and maintain ongoing analytics capacity.
- Private sector entities that participate by sharing data or information bear direct time and resource costs associated with data collection, formatting, and secure transmission.
- Contractors and service providers supporting the Center may face project-based or ongoing costs to implement required infrastructure and security controls.
- There may be indirect costs related to privacy governance and legal/compliance staffing to ensure information handling aligns with exemptions and protections.
Key Issues
The Core Tension
The central dilemma is balancing strengthened cyberdefense through centralized threat analysis and rapid information sharing with the need for transparency, accountability, and equitable access to intelligence and resources.
The bill creates a centralized information-sharing framework intended to strengthen national energy security while maintaining strict confidentiality. A central tension is between enabling robust threat analysis and protecting sensitive operational data from disclosure or misuse.
By exempting shared information from FOIA and excluding the Center from FACA oversight, the bill prioritizes swift, coordinated action over broad public transparency. These choices reduce formal safeguards, raising questions about accountability and the potential for uneven access to information or favored treatment for certain private entities.
Practically, the Center’s discretionary authority means some participants may receive more timely or detailed insights than others, depending on Secretary-level decisions, funding, and security clearances. Finally, extending the program through 2031 courts the future budget and resource commitments into a longer horizon, which has implications for long-term planning and interagency coordination.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.