Congress Watch

Energy Threat Analysis Center Act Would Extend DOE Cyber Defense Through 2031

The Energy Threat Analysis Center Act of 2026 would reauthorize and expand the Department of Energy’s energy cybersecurity support program, keeping the Energy Threat Analysis Center and related threat-sharing tools in place through 2031. The Energy Threat Analysis Center Act would let DOE work with public and private partners to analyze cyber threats, share sensitive information, and help harden critical energy systems.

2026-07-07 Environment & Energy Energy Threat Analysis Center Act 6 min read

What changes

The bill extends DOE’s energy cyber support authority to 2031 and lets the department run the program through an Energy Threat Analysis Center at one or more physical locations.

Congress is moving to keep a little-noticed but high-stakes federal cyber program alive: the Energy Threat Analysis Center Act would extend the Energy Department’s authority to help the energy sector analyze threats, share sensitive information, and strengthen resilience against attacks that can ripple from the grid to hospitals, businesses, and local governments. The Energy Threat Analysis Center Act does not rewrite energy policy wholesale; it reinforces the federal coordination layer meant to help utilities and government security teams spot tactics, techniques, and indicators of compromise before a localized breach turns into a broader disruption.

The latest action on H.R. 7305 came June 29, 2026, when a motion to reconsider was laid on the table and agreed to without objection, keeping the bill moving without recorded controversy. That matters because the existing DOE support authority is tied to a time-limited window, and the bill would push the program forward through 2031. In a sector where cyber threats can affect power delivery, fuel flows, and emergency response, Congress is deciding whether to keep the federal information-sharing infrastructure in place for another five years or let the current framework lapse.

What the Energy Threat Analysis Center Act would do

H.R. 7305 would update section 40125(c) of the Infrastructure Investment and Jobs Act so the Department of Energy can continue operating its Energy Sector Operational Support for Cyberresilience Program under a new authorization window running from 2027 through 2031. The bill also gives the Secretary of Energy authority to carry out the program through an Energy Threat Analysis Center at one or more physical locations, rather than limiting the work to a single model or site.

The practical effect is to preserve and widen DOE’s role as a convener and analyst for cyber issues affecting the energy sector. The department could use contracts, grants, cooperative agreements, and other transactions with public and private partners to support threat analysis, sharing, and mitigation work. That makes the bill less about creating a new cyber agency and more about extending a specialized DOE function that already exists.

The bill’s stated purpose is to strengthen the collective defense, response, and resilience of the U.S. energy sector by improving collaboration and deepening understanding of threat actor tactics, techniques, procedures, indicators of compromise, capabilities, and activities.

Why energy cybersecurity is treated as critical infrastructure

The energy sector is a force multiplier for the rest of the economy. If cyberattacks disrupt electric grids, pipelines, or related systems, the effects can quickly spread to households, hospitals, water systems, businesses, and public safety operations. That is why this bill is framed around infrastructure resilience, not just company security.

The measure is designed to help energy companies and government teams exchange both classified and unclassified information and receive mitigation recommendations that can benefit the broader sector. In cyber defense, that kind of shared visibility can matter as much as direct technical fixes, because attackers often reuse the same methods across multiple targets.

The bill also tries to encourage candor. Information shared under the program is treated as voluntarily shared and is exempt from public disclosure under federal, state, tribal, and local law. The goal is to make utilities and public agencies more willing to hand over sensitive threat details quickly, though that same protection limits outside access to the material moving through the program.

Who gets helped and how the program would operate

The program is not limited to one type of energy operator. DOE would be able to work with public and private partners across the sector, including organizations that need help understanding threat activity, reviewing cyber vulnerabilities, or coordinating a response. That makes the bill relevant to large utilities, smaller operators, and public-sector security teams that depend on federal expertise when threats cross organizational lines.

The bill also says assistance is at the Secretary’s sole and unreviewable discretion, and that sharing information under the program does not create a right or benefit for anyone to receive similar help. In other words, DOE would have wide latitude to decide what support to provide and to whom, without creating a legal entitlement for others to demand the same treatment.

It further removes the program from treatment as a Federal Advisory Committee Act advisory committee, which reduces procedural burdens that can slow federal collaboration. Together, those provisions suggest Congress wants the program to function as a nimble operational tool rather than a public-facing committee structure.

How this bill fits into the broader cyber policy picture

H.R. 7305 sits alongside other energy-security legislation aimed at tightening the sector’s cyber defenses. A separate bill, the Rural and Municipal Utility Cybersecurity Act, would focus federal help more narrowly on smaller utilities with limited resources. The Energy Threat Analysis Center Act takes a broader approach by keeping a DOE-wide threat analysis and information-sharing platform alive for the entire energy sector.

That distinction matters because the energy system is not one cyber environment. Large grid operators, pipelines, public power systems, and smaller local utilities face different risks and have different capacities. A targeted grant program can help under-resourced utilities build defenses, while a threat-analysis center can help the whole sector see patterns, share indicators, and coordinate mitigations.

The bill’s five-year extension also signals a policy choice: Congress appears interested in continuity. Instead of treating energy cyber support as a temporary experiment, H.R. 7305 would lock in another multi-year period for DOE to keep building institutional knowledge, working relationships, and threat intelligence pipelines.

Key takeaways

  • The Energy Threat Analysis Center Act would extend DOE’s energy cyber support program through 2031.
  • It would let DOE operate through an Energy Threat Analysis Center at one or more physical locations.
  • The bill is designed to improve threat analysis, information sharing, and resilience across the energy sector.
  • Shared information would be protected from public disclosure, encouraging more candid reporting but limiting transparency.
  • The measure moved on June 29, 2026, when a motion to reconsider was laid on the table and agreed to without objection.

FAQ

What is the Energy Threat Analysis Center Act?

It is H.R. 7305, a bill that would reauthorize and expand the Department of Energy’s energy sector cybersecurity support program through 2031.

Does the bill create a new agency?

No. It would allow DOE to carry out the program through an Energy Threat Analysis Center at one or more physical locations, but it does not establish a separate agency.

Who would benefit from the bill?

Energy companies, public utilities, and government security teams that rely on DOE for cyber threat analysis, information sharing, and resilience support would be the main beneficiaries.

Would the public be able to see the information shared under the program?

Generally no. The bill treats shared information as voluntarily shared and exempts it from public disclosure under federal, state, tribal, and local law.