85R2330 GRM-D
By: Hall S.B. No. 83
A BILL TO BE ENTITLED
AN ACT
relating to protection of energy critical infrastructure from
electromagnetic, geomagnetic, terrorist, and cyber-attack threats.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Chapter 418, Government Code, is amended by
adding Subchapter I to read as follows:
SUBCHAPTER I. ELECTROMAGNETIC THREAT PREPAREDNESS
Sec. 418.201. ELECTROMAGNETIC THREAT PREPAREDNESS TASK
FORCE. (a) In this section, "energy critical infrastructure"
means an electrical power-generating facility, substation,
switching station, electrical control center, or electrical
transmission or distribution facility and includes an associated
electronic control center and other electronic infrastructure used
in electric power delivery.
(b) The electromagnetic threat preparedness task force is
created. The task force shall develop a comprehensive recovery
plan.
(c) The task force consists of 10 members appointed by the
chief described by Section 418.041. Each member must be a regional
emergency management representative.
(d) The task force shall:
(1) identify and develop technical and electronic
resources to assist the division in the division's functions;
(2) implement a program to educate owners and
operators of energy critical infrastructure and vital utility
facilities and emergency responders about electromagnetic,
geomagnetic, and cyber-attack threats;
(3) evaluate emergency planning and response
technologies related to electromagnetic, geomagnetic, and
cyber-attack threats;
(4) develop a comprehensive threat protection and
recovery plan for energy critical infrastructure and vital utility
facilities of this state against electromagnetic, geomagnetic,
terrorist, and cyber-attack threats; and
(5) identify and compile a comprehensive list of
contractors capable of performing work to increase the security of
the electric grid.
(e) Information collected by the task force related to the
security of the electric grid is confidential and is not subject to
disclosure under Chapter 552.
(f) Not later than September 1, 2018, the task force shall
prepare and submit to the governor and the legislature a report of
the task force's findings and recommendations.
(g) A member of the task force established under this
section is not entitled to compensation. Members may be reimbursed
for expenses as follows:
(1) a member is entitled to reimbursement for travel
and other necessary expenses as provided in the General
Appropriations Act; and
(2) a member appointed as a representative of a state
agency is eligible for reimbursement for travel and other necessary
expenses according to the applicable agency's policies.
(h) This section expires September 1, 2018.
Sec. 418.202. TECHNOLOGICAL HAZARDS. (a) In this section,
"energy critical infrastructure" means an electrical
power-generating facility, substation, switching station,
electrical control center, or electrical transmission or
distribution facility and includes an associated electronic
control center and other electronic infrastructure used in electric
power delivery.
(b) The division shall implement the comprehensive threat
protection and recovery plan developed by the electromagnetic
threat preparedness task force for energy critical infrastructure
and vital utility facilities of this state against electromagnetic,
geomagnetic, terrorist, and cyber-attack threats.
(c) The governor may instruct an agency to take actions as
are necessary to implement the comprehensive threat protection and
recovery plan developed by the electromagnetic threat preparedness
task force.
(d) Information collected by the division related to the
security of the electric grid is confidential and is not subject to
disclosure under Chapter 552.
SECTION 2. Chapter 39, Utilities Code, is amended by adding
Subchapter M to read as follows:
SUBCHAPTER M. GRID SECURITY
Sec. 39.601. INFORMATION RELATED TO GRID SECURITY. The
independent organization certified under Section 39.151 shall
collect and compile information related to the security of the
electric grid. The information is confidential and is not subject
to disclosure under Chapter 552, Government Code.
Sec. 39.602. ELECTRIC GRID SECURITY PROGRAM. (a) In this
section:
(1) "Committee" means the Electric Grid Security
Advisory Committee.
(2) "Energy critical infrastructure" has the meaning
assigned by Section 418.202, Government Code.
(b) The commission shall establish a program to meet
implementation deadlines and pay costs incurred to increase the
security of the electric grid in ERCOT. The program must be
designed to pay for:
(1) an audit related to security of the electric grid
and associated computer systems and networks conducted by:
(A) an independent security expert for a
transmission and distribution utility;
(B) an independent organization certified by the
commission under Section 39.151;
(C) an electric cooperative;
(D) a river authority; or
(E) a municipally owned utility operating in
ERCOT;
(2) reimbursement of an investment made or expense
incurred to implement a measure recommended by the committee or
implement a recommendation made in an audit conducted under
Subdivision (1) by:
(A) a transmission and distribution utility;
(B) an independent organization certified by the
commission under Section 39.151;
(C) an electric cooperative;
(D) a river authority; or
(E) a municipally owned utility operating in
ERCOT;
(3) an expense incurred by the committee related to
the retention of a consultant or other necessary expert to assist
the committee in performing a duty of the committee;
(4) reimbursement to a member of the committee for
travel expenses; and
(5) reimbursement of a cost incurred by the commission
in administering this section.
(c) Entities other than the commission seeking
reimbursement from the program shall provide adequate
documentation to the committee to demonstrate that the investment,
expense, or cost is eligible for reimbursement under this section.
The commission shall authorize reimbursement of an eligible
investment, expense, or cost on receipt of a certification from the
committee that the item is eligible under this section not later
than five business days after the date of the receipt of a valid
certification.
(d) The commission shall report each quarter the total
amount paid by the program for each of the categories listed in
Subsection (b) to the governor, lieutenant governor, and speaker of
the house of representatives.
(e) This section does not prevent recovery authorized by
this title for a cost incurred through a reasonable and necessary
expenditure related to an ongoing effort to secure electric
facilities from physical and cybersecurity threats by:
(1) a transmission and distribution utility;
(2) an independent organization certified by the
commission under Section 39.151;
(3) an electric cooperative;
(4) a river authority; or
(5) a municipally owned utility operating in ERCOT.
(f) The program may not pay for an audit described by
Subsection (b)(1) that is conducted by an independent security
expert unless the expert meets professional standards adopted by
commission rule that are at least as stringent as those required for
certification as a:
(1) certified information systems security
professional (CISSP) by the International Information System
Security Certification Consortium; or
(2) global industrial cyber security professional
(GICSP) by the Global Information Assurance Certification.
Sec. 39.603. GRID SECURITY ADVISORY COMMITTEE. (a) The
Electric Grid Security Advisory Committee is composed of the
following members:
(1) two members appointed by the governor;
(2) two members appointed by the lieutenant governor;
and
(3) two members appointed by the speaker of the house
of representatives.
(b) The governor shall designate a member of the committee
to serve as presiding officer.
(c) The committee shall convene at the call of the presiding
officer.
(d) The committee shall study the Texas electric grid and
the computer systems and networks related to the grid. The study
must:
(1) evaluate and summarize the current state of the
electric grid and associated computer systems and networks;
(2) research and consider potential security threats
to the electric grid and to associated computer systems and
networks;
(3) assess whether further efforts are needed to
secure the electric grid and associated computer systems and
networks against damage, including the threat of electromagnetic
pulse or other attacks and natural threats, including solar flares;
(4) recommend measures to secure the electric grid and
associated computer systems and networks against damage;
(5) recommend a program to develop technical expertise
in the protection of the electric transmission and distribution
system against electromagnetic, geomagnetic, and cyber-attack
threats;
(6) determine energy critical infrastructure and
vital utility facilities that are at risk from electromagnetic,
geomagnetic, and cyber-attack threats;
(7) evaluate technologies available to improve the
resiliency of energy critical infrastructure and vital utility
facilities against electromagnetic, geomagnetic, or cyber-attack
threats;
(8) evaluate the capabilities of energy critical
infrastructure and vital utility facilities to recover from
electromagnetic, geomagnetic, or cyber-attack threats; and
(9) develop a comprehensive plan to protect the energy
critical infrastructure and vital utility facilities of this state
against electromagnetic, geomagnetic, terrorist, and cyber-attack
threats.
(e) The committee may share its findings with any state
agency it considers important to the security of the electric grid
or associated computer systems or networks. To the extent allowed
by law, a state agency with which the committee shares information
is encouraged to implement any recommendations that the agency
determines will improve the security of the state's electric grid
or associated computer systems or networks.
(f) ERCOT shall cooperate with the committee to provide any
information and resources the committee considers important to the
study.
(g) A member of the committee is not entitled to
compensation but is entitled to reimbursement for the member's
travel expenses as provided by Chapter 660, Government Code, and
the General Appropriations Act.
(h) A vacancy on the committee shall be filled for the
unexpired term in the same manner as the original appointment.
(i) The committee is not subject to Chapter 2110, Government
Code.
(j) Not later than December 1, 2018, the committee shall
prepare a report of its findings, including any recommendations for
legislation resulting from the findings, and shall submit the
report to the governor, the lieutenant governor, and the speaker of
the house of representatives.
(k) The committee's work relates to sensitive matters of
security. Notwithstanding any other law, the meetings, work, and
findings of the committee are not subject to the requirements of
Chapter 551 or 552, Government Code.
Sec. 39.604. GRID PROTECTION. (a) This section applies to:
(1) a transmission and distribution utility;
(2) an electric cooperative operating in ERCOT;
(3) a river authority operating in ERCOT; and
(4) a municipally owned utility operating in ERCOT.
(b) Not later than December 31, 2018, each entity to which
this section applies shall assess and report to the technological
hazards unit of the Texas Division of Emergency Management the
vulnerabilities the equipment, facilities, and systems the utility
uses to provide power have from the following:
(1) a high altitude electromagnetic pulse device;
(2) geomagnetic storms; and
(3) intentional electromagnetic interference.
(c) Not later than December 31, 2021, each entity to which
this section applies shall complete enhancements to transformers,
control centers, substations, and other equipment sufficient to
comply with the following standards, as applicable to the equipment
or facility:
(1) MIL-STD 188-125-1, "High-Altitude Electromagnetic
Pulse (HEMP) Protection for Ground-Based C4I Facilities Performing
Critical, Time-Urgent Missions, Part 1: Fixed Facilities," April 7,
2005;
(2) Cigré TB 600, "Protection of High-Voltage Power
Network Control Electronics Against Intentional Electromagnetic
Interference (IEMI)," November 2014;
(3) IEEE Std 1642-2015, "IEEE Recommended Practice for
Protecting Publicly Accessible Computer Systems from Intentional
Electromagnetic Interference (IEMI)";
(4) IEC/TR 61000-1-3 Ed. 1.0 (2002-06):
Electromagnetic compatibility (EMC) - Part 1-3: General - The
effects of high-altitude EMP (HEMP) on civil equipment and systems;
(5) IEC/TR 61000-1-5 Ed. 1.0 (2004-11):
Electromagnetic compatibility (EMC) - Part 1-5: General - High
power electromagnetic (HPEM) effects on civil systems;
(6) IEC 61000-2-9 Ed. 1.0 (1996-02): Electromagnetic
compatibility (EMC) - Part 2: Environment - Section 9: Description
of HEMP environment - Radiated disturbance;
(7) IEC 61000-2-10 Ed. 1.0 (1998-11): Electromagnetic
compatibility (EMC) - Part 2-10: Environment - Description of HEMP
environment - Conducted disturbance;
(8) IEC 61000-2-11 Ed. 1.0 (1999-10): Electromagnetic
compatibility (EMC) - Part 2-11: Environment - Classification of
HEMP environments;
(9) IEC 61000-2-13 Ed. 1.0 (2005-03): Electromagnetic
compatibility (EMC) - Part 2-13: Environment - High-power
electromagnetic (HPEM) environments - Radiated and conducted;
(10) IEC 61000-4-23 Ed. 1.0 (2000-10):
Electromagnetic compatibility (EMC) - Part 4-23: Testing and
measurement techniques - Test methods for protective devices for
HEMP and other radiated disturbances;
(11) IEC 61000-4-24 Ed. 1.0 (2011-15):
Electromagnetic compatibility (EMC) - Part 4: Testing and
measurement techniques - Section 24: Test methods for protective
devices for HEMP conducted disturbance;
(12) IEC 61000-4-25 Ed. 1.1 (2012-05):
Electromagnetic compatibility (EMC) - Part 4-25: Testing and
measurement techniques - HEMP immunity test methods for equipment
and systems;
(13) IEC 61000-4-36 Ed. 1.0 (2014-11):
Electromagnetic compatibility (EMC) - Part 4-36: Testing and
measurement techniques - IEMI immunity test methods for equipment
and systems;
(14) IEC/TR 61000-5-3 Ed. 1.0 (1999-07):
Electromagnetic compatibility (EMC) - Part 5-3: Installation and
mitigation guidelines - HEMP protection concepts;
(15) IEC/TR 61000-5-6 Ed. 1.0 (2002-06):
Electromagnetic compatibility (EMC) - Part 5-6: Installation and
mitigation guidelines - Mitigation of external EM influences;
(16) IEC/TS 61000-5-8 Ed. 1.0 (2009-08):
Electromagnetic compatibility (EMC) - Part 5-8: Installation and
mitigation guidelines - HEMP protection methods for the distributed
infrastructure;
(17) IEC/TS 61000-5-9 Ed. 1.0 (2009-07):
Electromagnetic compatibility (EMC) - Part 5-9: Installation and
mitigation guidelines - System-level susceptibility assessments
for HEMP and HPEM; and
(18) IEC 61000-6-6 Ed. 1.0 (2003-04): Electromagnetic
compatibility (EMC) - Part 6-6: Generic standards - HEMP immunity
for indoor equipment.
(d) An entity to which this section applies that is required
to complete enhancements under this section may recover costs
incurred in completing the enhancements from the reimbursement
program established under Section 39.602.
SECTION 3. The governor, the lieutenant governor, and the
speaker of the house of representatives shall appoint members to
the Electric Grid Security Advisory Committee, as required by this
Act, as soon as practicable after the effective date of this Act,
but not later than the 120th day after the effective date of this
Act.
SECTION 4. This Act takes effect immediately if it receives
a vote of two-thirds of all the members elected to each house, as
provided by Section 39, Article III, Texas Constitution. If this
Act does not receive the vote necessary for immediate effect, this
Act takes effect September 1, 2017.