BILL ANALYSIS

Senate Research Center	H.B. 787
	By: Parker et al. (Hancock)
	Business & Commerce
	5/12/2017
	Engrossed

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

Interested parties are concerned that the Texas electric grid is vulnerable to cybersecurity threats and electromagnetic pulses generated from either a severe act of nature or a terrorist attack. H.B. 787 seeks to address this issue by creating the Electric Grid Security Advisory Committee.

H.B. 787 amends current law relating to the security of the electric grid.

RULEMAKING AUTHORITY

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

SECTION BY SECTION ANALYSIS

SECTION 1. (a) Defines "critical infrastructure," "cybersecurity," "electromagnetic pulse threat," "electric utility," "ERCOT," "ERCOT organization," and "geomagnetic disturbance."

(b) Creates the Electric Grid Security Advisory Committee (EGSAC). Provides that EGSAC is composed of four members appointed by the governor to study electromagnetic pulse threats and four members appointed by the governor to study cybersecurity.

(d) Requires the governor to designate a member of EGSAC to serve as presiding officer.

(e) Requires EGSAC to convene at the call of the presiding officer.

(f) Requires EGSAC to study critical infrastructure and its vulnerability to electromagnetic pulse, geomagnetic disturbance, and cybersecurity threats. Requires that the study:

(1) evaluate and summarize the current state of the electric grid and associated computer systems and networks;

(2) consider and assess the likelihood of potential security threats to the electric grid and associated computer systems and networks;

(3) assess whether further efforts are needed to secure the electric grid and associated computer systems and networks against damage, including the threat of electromagnetic pulse or other attacks and natural threats, including solar flares;

(4) recommend appropriate measures to secure the electric grid and associated computer systems and networks, taking into account the impact of the potential damage being addressed; and

(5) recommend one or more strategies to protect and prepare critical infrastructure in the Electric Reliability Council of Texas (ERCOT) region against relevant threats and present the estimated costs associated with each strategy.

(g) Authorizes EGSAC to use research and data on electromagnetic pulse threats and cybersecurity gathered by the United States (U.S.) Department of Defense, the U.S. Department of Energy, the U.S. Department of Homeland Security, and the Electric Power Research Institute.

(h) Authorizes EGSAC to share its findings with any state agency it considers important to the security of the electric grid or associated computer systems or networks. Provides that, to the extent allowed by law, a state agency with which EGSAC shares information is encouraged to implement any recommendations that the agency determines will improve the security of the state's electric grid or associated computer systems or networks.

(i) Requires the ERCOT organization to cooperate with EGSAC to provide any information and resources EGSAC considers important to the study.

(j) Provides that a member of EGSAC is not entitled to compensation but is entitled to reimbursement for the member's travel expenses as provided by Chapter 660 (Travel Expenses), Government Code, and the General Appropriations Act.

(k) Requires that a vacancy on the task force be filled for the unexpired term in the same manner as the original appointment.

(l) Provides that EGSAC is not subject to Chapter 2110 (State Agency Advisory Committees), Government Code.

(m) Requires EGSAC, not later than December 1, 2018, to prepare a report of its findings, including any recommendations for legislation resulting from the findings, and to submit the report to the governor.

(n) Provides that EGSAC's work relates to sensitive matters of security. Provides that, notwithstanding any other law, the meetings, work, and findings of EGSAC are not subject to the requirements of Chapter 551 (Open Meetings) or 552 (Public Information), Government Code. Requires each member of EGSAC to sign a nondisclosure agreement stating that the member will not disclosure to the public any sensitive or identifiable information related to grid security measures or plans.

(o) Provides that this section is not intended to penalize electric providers in this state. Requires the legislature, if deficiencies in the security of the electric grid in the ERCOT region are determined through the process established in this section and the legislature, in consultation with the governor, determines upgrades to the electric grid are necessary, to determine whether upgrades will be funded by appropriating general revenue, through a ratepayer cost recovery mechanism, or by a combination of those methods.

(p) Provides that this section is not intended to prevent an electric utility, municipally owned utility, or electric cooperative from making prudent investments and reasonable and necessary expenditures to secure the electric grid and seeking recovery of associated costs as authorized by the Utilities Code.

(q) Provides that EGSAC is abolished and this section expires on December 31, 2018.

SECTION 2. Amends Subchapter Z, Chapter 39, Utilities Code, by adding Section 39.917, as follows:

Sec. 39.917. INFORMATION RELATED TO GRID SECURITY. Requires the independent organization certified under Section 39.151 (Essential Organizations) to collect and compile information related to the security of the electric grid. Provides that the information is confidential and is not subject to disclosure under Chapter 552, Government Code.

SECTION 3. Requires the governor to appoint members to EGSAC, as required by this Act, as soon as practicable after the effective date of this Act, but not later than the 120th day after the effective date of this Act.

SECTION 4. Effective date: upon passage or September 1, 2017.