Bill Summary
The "Preventing Remote Operations by Threatening Entities on Critical Technology for the Grid Act" (or "PROTECT the Grid Act") is a proposed legislation aimed at safeguarding the U.S. electric grid from vulnerabilities posed by Internet-connected devices, particularly those controlled by foreign adversaries. The act recognizes the increasing prevalence of high-wattage Internet of Things (IoT) devices, such as smart appliances, which could be manipulated to disrupt power demand and threaten grid stability.
Key provisions of the act include:
1. **Assessment of Vulnerabilities**: The Secretary of Commerce is directed to prepare a report within 270 days that evaluates the national security risks associated with foreign adversary-controlled applications capable of manipulating high-wattage IoT devices. This report will consider the extent of these devices' deployment, potential risks, and input from various stakeholders.
2. **Recommendations for Mitigation**: The report will also include recommendations to mitigate identified risks, such as restricting federal procurement of devices with foreign adversary-controlled applications and suggesting certification procedures for high-wattage IoT devices.
3. **Codification of Security Measures**: The legislation aims to codify existing executive orders that address the security of the information and communication technology supply chain, reinforcing efforts to prevent foreign manipulation of critical infrastructure.
Overall, the act emphasizes the need for enhanced security measures to protect the electric grid from potential threats that could arise from foreign-controlled smart technology.
Possible Impacts
Here are three examples of how the **"PROTECT the Grid Act"** could affect people:
1. **Increased Security for Consumers**: The legislation mandates an assessment of vulnerabilities associated with Internet-connected devices, particularly high-wattage IoT devices like smart appliances. By ensuring these devices are secure against foreign adversary manipulation, consumers may benefit from increased safety and reliability in their electrical systems. This could reduce the risk of unexpected blackouts or disruptions caused by cyber-attacks, leading to a more stable and secure home environment.
2. **Government Procurement Policies**: The Act may lead to restrictions on government purchases of consumer products that use foreign adversary-controlled applications. This could translate into a broader market impact, where manufacturers of IoT devices may need to comply with new regulations or certification processes to sell their products to government agencies. Individuals working in industries related to IoT manufacturing or cybersecurity may see changes in employment opportunities or job requirements as businesses adapt to these new regulations.
3. **Consumer Awareness and Education**: The report required by the Secretary of Commerce could lead to increased public awareness about the security risks associated with smart appliances and IoT devices. As consumers become more informed about these risks, they may demand more transparency and security features from manufacturers. This shift could encourage companies to prioritize cybersecurity in their product designs, ultimately leading to safer technology for consumers. Additionally, educational initiatives may arise to help people understand how to secure their devices and mitigate potential risks.
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7208 Introduced in House (IH)]
<DOC>
119th CONGRESS
2d Session
H. R. 7208
To direct the Secretary of Commerce to submit a report assessing
vulnerabilities to the electric grid in the United States from certain
Internet-connected devices and applications, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
January 22, 2026
Mr. Crenshaw introduced the following bill; which was referred to the
Committee on Energy and Commerce, and in addition to the Committees on
Foreign Affairs, Oversight and Government Reform, Ways and Means,
Intelligence (Permanent Select), and Homeland Security, for a period to
be subsequently determined by the Speaker, in each case for
consideration of such provisions as fall within the jurisdiction of the
committee concerned
_______________________________________________________________________
A BILL
To direct the Secretary of Commerce to submit a report assessing
vulnerabilities to the electric grid in the United States from certain
Internet-connected devices and applications, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Preventing Remote Operations by
Threatening Entities on Critical Technology for the Grid Act'' or the
``PROTECT the Grid Act''.
SEC. 2. FINDINGS; PURPOSES.
(a) Findings.--Congress finds that--
(1) the rapid proliferation of high-wattage IoT devices,
such as electric vehicle chargers, clothes dryers, smart air
conditioners, water heaters, ovens, and similar appliances, has
dramatically increased the number of connected devices in
households in the United States;
(2)(A) smart appliance applications and software platforms
increasingly serve as remote control interfaces; and
(B) when those applications and software platforms
originate from companies operating under the jurisdiction or
direction of foreign adversaries they offer a pathway for
large-scale, coordinated manipulation of power demand,
threatening grid stability;
(3)(A) in certain foreign adversary jurisdictions,
particularly the People's Republic of China, private companies
are subject to formal political oversight through mechanisms
such as, in the case of the People's Republic of China,
embedded Chinese Communist Party committees and executive-level
Chinese Communist Party leadership; and
(B) those arrangements blur the lines between commercial
activity and state-directed strategic interests;
(4) further elevating the risk to the United States
electric grid is the 2017 Cybersecurity Law of the People's
Republic of China (commonly referred to as the ``Chinese
Cybersecurity Law''), which mandates that Chinese companies
store customer data domestically and grant Chinese state
authorities broad access to those data;
(5) the legal and political structures described in
paragraphs (3) and (4) increase the likelihood that connected
home appliances could be leveraged by foreign adversaries to
target critical infrastructure in the event of a conflict with
the United States;
(6) companies controlled by foreign adversaries--
(A) are actively pursuing rapid deployment of high-
wattage IoT devices that could be used to attack the
electric grid in the United States; and
(B) control more than 25 percent of the major
appliance industry in the United States, which provides
an established platform for quickly deploying those
high-wattage IoT devices;
(7) through smart applications, companies controlled by
foreign adversaries--
(A) are actively collecting detailed consumer data
on millions of people in the United States; and
(B) have the ability to directly manipulate the
demand of high-wattage devices on the electric grid;
(8) as a result, foreign adversary-controlled applications
for high-wattage IoT devices create significant risk of
coordinated, deliberate, demand-manipulation attacks on the
electric grid in the United States;
(9) several academic studies from researchers at Princeton
University, the Georgia Institute of Technology, and the
University of California, Santa Cruz, point to significant
risks of manipulation of demand via IoT (commonly referred to
as ``MaDIoT'') attacks to manipulate power demand on the
electric grid that could result in large-scale blackouts and
potential damage to the electric grid;
(10) it is therefore critical to protect energy
infrastructure in the United States by ensuring that smart
applications embedded in home appliances are secure and cannot
serve as an entry point for foreign adversaries; and
(11) failing to address the vulnerabilities presented by
those smart applications could lead to grid instability,
frequency imbalances, cascading system failures, and,
ultimately, catastrophic disruptions that jeopardize both
public safety and the broader economy of the United States.
(b) Purposes.--The purposes of this Act are--
(1) to harmonize and reinforce existing national security
initiatives aimed at securing the domestic information and
communications technology and services (commonly referred to as
``ICTS'') supply chain against manipulation of demand,
especially by the People's Republic of China; and
(2) to direct the Secretary of Commerce, in consultation
with other relevant Federal officials, to submit to Congress a
report containing findings and recommendations to ensure that
network-connected home appliances in households in the United
States do not serve as a conduit for activities by foreign
adversaries or jeopardize the stability of the electric grid in
the United States.
SEC. 3. DEFINITIONS.
In this Act:
(1) Consumer product.--The term ``consumer product'' has
the meaning given the term in section 3(a) of the Consumer
Product Safety Act (15 U.S.C. 2052(a)).
(2) Covered entity.--The term ``covered entity'' means an
entity that--
(A) is subject to the jurisdiction of a foreign
adversary;
(B) is directly or indirectly operating on behalf
of a foreign adversary; or
(C) is owned by, directly or indirectly controlled
by, or otherwise subject to the direction or influence
of, a foreign adversary.
(3) Critical infrastructure.--The term ``critical
infrastructure'' has the meaning given the term in subsection
(e) of the Critical Infrastructures Protection Act of 2001 (42
U.S.C. 5195c).
(4) Foreign adversary.--The term ``foreign adversary''
means any covered nation (as defined in section 4872(f) of
title 10, United States Code).
(5) Foreign adversary-controlled application.--The term
``foreign adversary-controlled application'' means a website,
desktop application, mobile application, or augmented or
immersive technology application that is operated, directly or
indirectly (including through a parent, subsidiary, or
affiliate (as those terms are defined in section 230.405 of
title 17, Code of Federal Regulations (as in effect on the date
of enactment of this Act))), by a covered entity.
(6) High-wattage iot device.--The term ``high-wattage IoT
device'' means any Internet-connected appliance or device that
is capable of consuming or controlling electrical power at a
level exceeding 500 watts, regardless of whether the device is
used or designed for use in residential or commercial
applications.
(7) IoT.--The term ``IoT'' means Internet of Things.
(8) Relevant federal official.--The term ``relevant Federal
official'' means--
(A) any Federal official described in section 1(a)
of Executive Order 13873 (84 Fed. Reg. 22689; relating
to securing the information and communications
technology and services supply chain) (as in effect on
the date of enactment of this Act) (or a designee of
the applicable Federal official); and
(B) the head (or a designee of the head) of any
other Federal department or agency that, in the
determination of the Secretary of Commerce, is relevant
to the purposes of this Act.
SEC. 4. REPORT ON NATIONAL SECURITY RISKS POSED BY FOREIGN ADVERSARY-
CONTROLLED APPLICATIONS WITH THE CAPABILITY OF
CONTROLLING HIGH-WATTAGE IOT DEVICES.
(a) In General.--Not later than 270 days after the date of
enactment of this Act, the Secretary of Commerce, in coordination with
other relevant Federal officials, shall submit to the Committee on
Commerce, Science, and Transportation of the Senate and the Committee
on Energy and Commerce of the House of Representatives a report
assessing the national security risks associated with foreign
adversary-controlled applications with the ability to attack or
undermine critical infrastructure in the United States.
(b) Considerations.--In preparing the report under subsection (a),
the Secretary of Commerce shall consider, at a minimum--
(1) the extent of deployment of high-wattage IoT devices
across the United States;
(2) risks relating to foreign adversary-controlled
applications, especially those incorporated into consumer
products that could be used to attack or otherwise destabilize
the electric grid;
(3) potential impacts of those risks and any other relevant
vulnerabilities on national security, including the risks of
frequency imbalances, cascading failures, and other disruptions
to critical infrastructure; and
(4) public comments and input from industry experts,
domestic producers, importers, consumer groups, and other
stakeholders regarding the security of, and the extent of
foreign influence over, foreign adversary-controlled
applications and high-wattage IoT devices.
(c) Recommendations.--The report submitted under subsection (a)
shall include recommendations for mitigation measures to address any
identified national security risks, which may include--
(1) an assessment of how Executive Order 13873 (84 Fed.
Reg. 22689; relating to securing the information and
communications technology and services supply chain) (as in
effect on the date of enactment of this Act) may be applied to
IoT devices, as such devices apply to the electric grid, to
include restrictions or conditions on transactions directly
involving foreign adversary-controlled applications in high-
wattage IoT devices;
(2) specifically restricting the procurement by the Federal
Government of consumer products with a foreign adversary-
controlled application;
(3) certification or labeling requirements for high-wattage
IoT devices; and
(4) any other proposal, as determined necessary by the
Secretary of Commerce, in consultation with other relevant
Federal officials.
SEC. 5. CODIFICATION OF EXECUTIVE ORDER 13873.
(a) In General.--The provisions of Executive Order 13873 (84 Fed.
Reg. 22689; relating to securing the information and communications
technology and services supply chain) (as in effect on the date of
enactment of this Act) are enacted into law.
(b) Publication.--In publishing this Act in slip form and in the
United States Statutes at Large pursuant to section 112 of title 1,
United States Code, the Archivist of the United States shall include
after the date of approval at the end an appendix setting forth the
text of the Executive order referred to in subsection (a) (as in effect
on the date of enactment of this Act).
<all>