| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the security of the electric grid. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. (a) In this section: |
|
|
(1) "Critical infrastructure" means electric utility |
|
|
facilities located in the ERCOT power region. The term does not |
|
|
include power generation facilities. |
|
|
(2) "Cybersecurity" means the activity, process, |
|
|
ability, capability, or state where information and communication |
|
|
systems and the information contained in those systems are |
|
|
protected from and defended against damage, unauthorized use, |
|
|
modification, or exploitation. |
|
|
(3) "Electromagnetic pulse threat" means an |
|
|
electromagnetic pulse caused by intentional means, including an act |
|
|
of terrorism. |
|
|
(4) "Electric utility" has the meaning assigned by |
|
|
Section 31.002, Utilities Code. |
|
|
(5) "ERCOT" has the meaning assigned by Section |
|
|
31.002, Utilities Code. |
|
|
(6) "ERCOT organization" means the independent |
|
|
organization certified under Section 39.151, Utilities Code, for |
|
|
the ERCOT region. |
|
|
(7) "Geomagnetic disturbance" means an event caused by |
|
|
the interaction of a cloud of charged particles produced by the |
|
|
sun's solar storms and the earth's magnetic field. |
|
|
|
|
|
(b) The Electric Grid Security Advisory Committee is |
|
|
created. The committee is composed of the following members: |
|
|
(1) four members appointed by the governor to study |
|
|
electromagnetic pulse threats; and |
|
|
(2) four members appointed by the governor to study |
|
|
cybersecurity. |
|
|
(c) Each member of the committee must have professional |
|
|
experience or technical training in: |
|
|
(1) cybersecurity; |
|
|
(2) electromagnetic interference; |
|
|
(3) electric power generation or transmission; |
|
|
(4) electromagnetic pulse hardening; |
|
|
(5) physical security and controls; |
|
|
(6) space physics and weather; |
|
|
(7) supervisory controls and data acquisition; or |
|
|
(8) emergency preparedness. |
|
|
(d) The governor shall designate a member of the committee |
|
|
to serve as presiding officer. |
|
|
(e) The committee shall convene at the call of the presiding |
|
|
officer. |
|
|
(f) The committee shall study critical infrastructure and |
|
|
its vulnerability to electromagnetic pulse, geomagnetic |
|
|
disturbance, and cybersecurity threats. The study must: |
|
|
(1) evaluate and summarize the current state of the |
|
|
electric grid and associated computer systems and networks; |
|
|
(2) consider and assess the likelihood of potential |
|
|
security threats to the electric grid and associated computer |
|
|
systems and networks; |
|
|
(3) assess whether further efforts are needed to |
|
|
secure the electric grid and associated computer systems and |
|
|
networks against damage, including the threat of electromagnetic |
|
|
pulse or other attacks and natural threats, including solar flares; |
|
|
(4) recommend appropriate measures to secure the |
|
|
electric grid and associated computer systems and networks, taking |
|
|
into account the impact of the potential damage being addressed; |
|
|
and |
|
|
(5) recommend one or more strategies to protect and |
|
|
prepare critical infrastructure in the ERCOT region against |
|
|
relevant threats and present the estimated costs associated with |
|
|
each strategy. |
|
|
(g) The committee may use research and data on |
|
|
electromagnetic pulse threats and cybersecurity gathered by the |
|
|
United States Department of Defense, the United States Department |
|
|
of Energy, the United States Department of Homeland Security, and |
|
|
the Electric Power Research Institute. |
|
|
(h) The committee may share its findings with any state |
|
|
agency it considers important to the security of the electric grid |
|
|
or associated computer systems or networks. To the extent allowed |
|
|
by law, a state agency with which the committee shares information |
|
|
is encouraged to implement any recommendations that the agency |
|
|
determines will improve the security of the state's electric grid |
|
|
or associated computer systems or networks. |
|
|
(i) The ERCOT organization shall cooperate with the |
|
|
committee to provide any information and resources the committee |
|
|
considers important to the study. |
|
|
(j) A member of the committee is not entitled to |
|
|
compensation but is entitled to reimbursement for the member's |
|
|
travel expenses as provided by Chapter 660, Government Code, and |
|
|
the General Appropriations Act. |
|
|
(k) A vacancy on the task force shall be filled for the |
|
|
unexpired term in the same manner as the original appointment. |
|
|
(l) The committee is not subject to Chapter 2110, Government |
|
|
Code. |
|
|
(m) Not later than December 1, 2018, the committee shall |
|
|
prepare a report of its findings, including any recommendations for |
|
|
legislation resulting from the findings, and shall submit the |
|
|
report to the governor. |
|
|
(n) The committee's work relates to sensitive matters of |
|
|
security. Notwithstanding any other law, the meetings, work, and |
|
|
findings of the committee are not subject to the requirements of |
|
|
Chapter 551 or 552, Government Code. Each member of the committee |
|
|
shall sign a nondisclosure agreement stating that the member will |
|
|
not disclose to the public any sensitive or identifiable |
|
|
information related to grid security measures or plans. |
|
|
(o) This section is not intended to penalize electric |
|
|
providers in this state. If deficiencies in the security of the |
|
|
electric grid in the ERCOT region are determined through the |
|
|
process established in this section and the legislature, in |
|
|
consultation with the governor, determines upgrades to the electric |
|
|
grid are necessary, the legislature shall determine whether |
|
|
upgrades will be funded by appropriating general revenue, through a |
|
|
ratepayer cost recovery mechanism, or by a combination of those |
|
|
methods. |
|
|
(p) This section is not intended to prevent an electric |
|
|
utility, municipally owned utility, or electric cooperative from |
|
|
making prudent investments and reasonable and necessary |
|
|
expenditures to secure the electric grid and seeking recovery of |
|
|
associated costs as authorized by the Utilities Code. |
|
|
(q) The committee is abolished and this section expires on |
|
|
December 31, 2018. |
|
|
SECTION 2. Subchapter Z, Chapter 39, Utilities Code, is |
|
|
amended by adding Section 39.917 to read as follows: |
|
|
Sec. 39.917. INFORMATION RELATED TO GRID SECURITY. The |
|
|
independent organization certified under Section 39.151 shall |
|
|
collect and compile information related to the security of the |
|
|
electric grid. The information is confidential and is not subject |
|
|
to disclosure under Chapter 552, Government Code. |
|
|
SECTION 3. The governor shall appoint members to the |
|
|
Electric Grid Security Advisory Committee, as required by this Act, |
|
|
as soon as practicable after the effective date of this Act, but not |
|
|
later than the 120th day after the effective date of this Act. |
|
|
SECTION 4. This Act takes effect immediately if it receives |
|
|
a vote of two-thirds of all the members elected to each house, as |
|
|
provided by Section 39, Article III, Texas Constitution. If this |
|
|
Act does not receive the vote necessary for immediate effect, this |
|
|
Act takes effect September 1, 2017. |