BILL NUMBER: AB 853AMENDED BILL TEXT AMENDED IN SENATE SEPTEMBER 1, 2015 AMENDED IN SENATE AUGUST 18, 2015 AMENDED IN ASSEMBLY APRIL 30, 2015 AMENDED IN ASSEMBLY MARCH 24, 2015 INTRODUCED BY Assembly Member Roger Hernndez FEBRUARY 26, 2015 An act to add Section 764 to the Public Utilities Code, relating to energy. LEGISLATIVE COUNSEL'S DIGEST AB 853, as amended, Roger Hernndez. Electrical and gas corporations: security of plant and facilities. Under existing law, the Public Utilities Commission has regulatory authority over public utilities, including electrical corporations and gas corporations, as defined. If the commission finds after a hearing that the rules, practices, equipment, appliances, facilities, or service of any public utility, or of the methods of manufacture, distribution, transmission, storage, or supply employed by the public utility, are unjust, unreasonable, unsafe, improper, inadequate, or insufficient, the Public Utilities Act requires that the commission determine and, by order or rule, fix the rules, practices, equipment, appliances, facilities, service, or methods to be observed, furnished, constructed, enforced, or employed. The Public Utilities Act requires the commission to prescribe rules for the performance of any service or the furnishing of any commodity of the character furnished or supplied by any public utility and, on proper demand and tender of rates, require the public utility to furnish the commodity or render the service within the time and upon the conditions provided in the rules adopted by the commission. This bill would , on and after the filing of an electrical corporation's or gas corporation's general rate case application, requireanthat electrical corporation or gas corporation , except as provided, to utilizedirect employees, as defined,employees of that corporation for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems, unless the utility files a request to employ persons that are notdirectemployees with the commissionan application inas a part of the utility's general ratecase.case application. The bill would require that the request be a separate stand-alone section that is not embedded in the general requested staffing change proposals. The bill would require the utility to demonstrate that the work can be performed safely and securely, and without jeopardizing the security of its nuclear, electrical, and gas infrastructure, by persons that are notdirectemployees. The bill would require the commission to evaluate the utility's proposal to utilize persons that are notdirectemployees. The bill would require the commission to issue a written decision, as part of the general rate case proceeding, determining whether the electrical corporation or gas corporation may utilize persons that are notdirectemployees for the described work. Under existing law, a violation of the Public Utilities Act or any order, decision, rule, direction, demand, or requirement of the commission is a crime. Because the provisions of this bill would be a part of the act and because a violation of an order or decision of the commission implementing its requirements would be a crime, the bill would impose a state-mandated local program by creating a new crime. The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement. This bill would provide that no reimbursement is required by this act for a specified reason. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: yes. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1 . The Legislature finds and declares all of the following: (a) Protecting the security of nuclear, electrical, and natural gas utility systems is a paramount state interest. (b) Protecting the privacy of ratepayers' personal information, including usage information, is a paramount state interest. (c) Recent intrusions into major corporate computer systems, including Sony and Anthem Blue Cross, and the theft of information from those systems have demonstrated the vulnerability of those systems. (d) The computer systems of California's electrical corporations and gas corporations have information about the design, engineering, and operation of the nuclear, electrical, and natural gas utility infrastructure, as well as personal information about California ratepayers. This information could be used to compromise the security of California's utility infrastructure and the privacy of California' s ratepayers. (e) Widespread deployment of smart meters, smart grid equipment, and microgrids increases the importance of protecting the computer systems of electrical corporations and gas corporations. (f) The part of any computer system that is most vulnerable to being compromised is the personnel who operate that system. (g) Electrical corporations and gas corporations should make every reasonable effort to protect their computer systems from unauthorized intrusions. (h) To protect the security of electrical and natural gas utility computer systems, including nuclear infrastructure, the information technology personnel who operate those systems should be employees of the electrical corporation or gas corporation. (i) To protect the security of nuclear, electrical, and gas utility infrastructure, the design, engineering, and operation of that infrastructure should, to the extent feasible, be performed by employees of the electrical corporation or gas corporation.SECTION 1.SEC. 2. Section 764 is added to the Public Utilities Code, to read: 764. (a)The Legislature finds and declares all of the following:An electrical corporation or gas corporation shall utilize employees of the electrical corporation or gas corporation for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems, unless the utility complies with the requirements of this section and obtains the approval of the commission pursuant to this section.(1) Protecting the security of nuclear, electrical, and natural gas utility systems is a paramount state interest.(2) Protecting the privacy of ratepayers' personal information, including usage information, is a paramount state interest.(3) Recent intrusions into major corporate computer systems, including Sony and Anthem Blue Cross, and the theft of information from those systems have demonstrated the vulnerability of those systems.(4) The computer systems of California's electrical corporations and gas corporations have information about the design, engineering, and operation of the nuclear, electrical, and natural gas utility infrastructure, as well as personal information about California ratepayers. This information could be used to compromise the security of California's utility infrastructure and the privacy of California' s ratepayers.(5) Widespread deployment of smart meters, smart grid equipment, and microgrids increases the importance of protecting the computer systems of electrical corporations and gas corporations.(6) The part of any computer system that is most vulnerable to being compromised is the personnel who operate that system.(7) Electrical corporations and gas corporations should make every reasonable effort to protect their computer systems from unauthorized intrusions.(8) To protect the security of electrical and natural gas utility computer systems, including nuclear infrastructure, the information technology personnel who operate those systems should be direct employees of the electrical corporation or gas corporation.(9) To protect the security of nuclear, electrical, and gas utility infrastructure, the design, engineering, and operation of that infrastructure should, to the extent feasible, be performed by direct employees of the electrical corporation or gas corporation.(b) For purposes of this section, "direct employees" for construction or maintenance work include the employees of a contractor or subcontractor licensed in California and working under the direct supervision of the electrical corporation or gas corporation.(c) An electrical corporation or gas corporation shall utilize direct employees for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems, unless the utility complies with the requirements of this section and obtains the approval of the commission pursuant to this section.(d)(b) Before utilizing persons that are notdirectemployees of the electrical corporation or gas corporation for work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems, an electrical corporation or gas corporation shall file a request to employ persons that are notdirectemployees with the commission, as part of the utility's general rate case application. The request shall be a separate stand-alone section that is not embedded in the general requested staffing change proposals. The utility shall demonstrate that the work can be performed safely and securely, and without jeopardizing the security of its nuclear, electrical, and gas infrastructure.(e)(c) The commission shall evaluate the utility's proposal to utilize persons that are notdirectemployees of the electrical corporation or gas corporation for work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems.(f)(d) The commission shall issue a written decision as part of the general rate case proceeding determining whether the electrical corporation or gas corporation may utilize persons that are notdirectemployees of the electrical or gas corporation for the described work.(g)(e) A person or corporation owning or operating a qualifying facility pursuant to federal law or a facility that is an exempt wholesale generator is not an electrical corporation due to the ownership or operation of that facility. This subdivision is declaratory of existing law. (f) The requirements of this section are applicable only to electrical corporations or gas corporations that file general rate cases with the commission. (g) (1) This section does not apply to an electrical corporation or gas corporation contracting out construction, alteration, demolition, installation, maintenance, or repair work on its nuclear, electrical, or gas infrastructure. (2) This section does not apply to the design and engineering of standard equipment purchased from an outside vendor. (3) For each electrical or gas corporation, this section shall become effective for that corporation upon the filing, on or after January 1, 2016, of that corporation's general rate case application.SEC. 2.SEC. 3. No reimbursement is required by this act pursuant to Section 6 of Article XIII B of the California Constitution because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIII B of the California Constitution.