BILL ANALYSIS

C.S.H.B. 787

By: Parker

State Affairs

Committee Report (Substituted)

BACKGROUND AND PURPOSE

Interested parties are concerned that the Texas electric grid is vulnerable to cybersecurity threats and electromagnetic pulses generated from either a severe act of nature or a terrorist attack. C.S.H.B. 787 seeks to address this issue by creating the Electric Grid Security Advisory Committee.

CRIMINAL JUSTICE IMPACT

It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.

RULEMAKING AUTHORITY

It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.

ANALYSIS

C.S.H.B. 787 creates the Electric Grid Security Advisory Committee. The bill establishes the composition of the committee, with appointments made by the governor; sets out the professional experience or technical training required of a committee member; requires the governor to designate a member of the committee to serve as presiding officer; and requires the committee to convene at the call of the presiding officer. The bill requires the governor to appoint members to the committee as soon as practicable after the bill's effective date but not later than the 120th day after that date.

C.S.H.B. 787 requires the committee to study the critical infrastructure and its vulnerability to electromagnetic pulse and cybersecurity threats. The bill requires the study to evaluate and summarize the current state of the electric grid and associated computer systems and networks; to consider potential security threats to the electric grid and associated computer systems and networks; to assess whether further efforts are needed to secure the electric grid and associated computer systems and networks against damage, including the threat of electromagnetic pulse or other attacks and natural threats, including solar flares; to recommend measures to secure the electric grid and associated computer systems and networks against damage; and to develop a recommended strategy to protect and prepare critical infrastructure in the Electric Reliability Council of Texas (ERCOT) region against threats.

C.S.H.B. 787 authorizes the committee to use research and data on electromagnetic pulse threats and cybersecurity gathered by the Electric Power Research Institute. The bill authorizes the committee to share its findings with any state agency it considers important to the security of the electric grid or associated computer systems or networks and establishes that, to the extent allowed by law, a state agency with which the committee shares information is encouraged to implement any recommendations that the agency determines will improve the security of the state's electric grid or associated computer systems or networks.

C.S.H.B. 787 requires the independent certified ERCOT organization to cooperate with the committee to provide any information and resources the committee considers important to the study, provides for the compensation and reimbursement of committee members and for the filling of vacancies on the task force, and exempts the committee from regulations regarding state agency advisory committees. The bill requires the committee, not later than December 1, 2018, to prepare a report of its findings, including any recommendations for legislation resulting from the findings, and to submit the report to the governor.

C.S.H.B. 787 specifies that the committee's work relates to sensitive matters of security, exempts the committee's meetings, work, and findings from the state open meetings law and state public information law, and requires each member of the committee to sign a nondisclosure agreement stating that the member will not disclose to the public any sensitive or identifiable information related to grid security measures or plans. If deficiencies in the security of the electric grid in the ERCOT region are determined through the process established by the bill and the legislature, in consultation with the governor, determines upgrades to the electric grid are necessary, the legislature is required to determine whether upgrades will be funded by appropriating general revenue funds or through a ratepayer cost recovery mechanism. The bill's provisions relating to the committee expire and the committee is abolished December 31, 2018.

C.S.H.B. 787 amends the Utilities Code to require the independent organization established by a power region to perform certain functions under the Public Utility Regulatory Act to collect and compile information related to the security of the electric grid and to make such information confidential and exempt from state public information law.

EFFECTIVE DATE

On passage, or, if the bill does not receive the necessary vote, September 1, 2017.

COMPARISON OF ORIGINAL AND SUBSTITUTE

While C.S.H.B. 787 may differ from the original in minor or nonsubstantive ways, the following comparison is organized and formatted in a manner that indicates the substantial differences between the introduced and committee substitute versions of the bill.

INTRODUCED

HOUSE COMMITTEE SUBSTITUTE

SECTION 1.

(a) The Electric Grid Security Advisory Committee is created. The committee is composed of the following members:

(1) two members appointed by the governor;

(2) two members appointed by the lieutenant governor; and

(3) two members appointed by the speaker of the house of representatives.

(b) Each member of the committee must have professional experience or technical training in:

(1) cybersecurity;

(2) electromagnetic interference;

(3) electric power generation or transmission;

(4) electromagnetic pulse hardening;

(5) physical security and controls;

(6) space physics and weather;

(7) supervisory controls and data acquisition; or

(8) emergency preparedness.

(d) The committee shall convene at the call of the presiding officer.

(e) The committee shall study the Texas electric grid and the computer systems and networks related to it. The study must:

(1) evaluate and summarize the current state of the electric grid and associated computer systems and networks;

(2) consider potential security threats to the electric grid and associated computer systems and networks;

(3) assess whether further efforts are needed to secure the electric grid and associated computer systems and networks against damage, including the threat of electromagnetic pulse or other attacks and natural threats, including solar flares; and

(4) recommend measures to secure the electric grid and associated computer systems and networks against damage.

(f) The committee may share its findings with any state agency it considers important to the security of the electric grid or associated computer systems or networks. To the extent allowed by law, a state agency with which the committee shares information is encouraged to implement any recommendations that the agency determines will improve the security of the state's electric grid or associated computer systems or networks.

(g) ERCOT shall cooperate with the committee to provide any information and resources the committee considers important to the study.

(h) A member of the committee is not entitled to compensation but is entitled to reimbursement for the member's travel expenses as provided by Chapter 660, Government Code, and the General Appropriations Act.

(i) A vacancy on the task force shall be filled for the unexpired term in the same manner as the original appointment.

(j) The committee is not subject to Chapter 2110, Government Code.

(k) Not later than December 1, 2018, the committee shall prepare a report of its findings, including any recommendations for legislation resulting from the findings, and shall submit the report to the governor, the lieutenant governor, and the speaker of the house of representatives.

(l) The committee's work relates to sensitive matters of security. Notwithstanding any other law, the meetings, work, and findings of the committee are not subject to the requirements of Chapter 551 or 552, Government Code. Each member of the committee shall sign a nondisclosure agreement stating that the member will not disclose to the public any sensitive or identifiable information related to grid security measures or plans.

(m) The committee is abolished and this section expires on December 31, 2018.

SECTION 1. (a) In this section:

(1) "Critical infrastructure" means electric utility facilities located in the ERCOT power region. The term does not include power generation facilities.

(2) "Cybersecurity" means the activity, process, ability, capability, or state where information and communication systems and the information contained in those systems are protected from and defended against damage, unauthorized use, modification, or exploitation.

(3) "Electromagnetic pulse threat" means an electromagnetic pulse caused by intentional means, including an act of terrorism.

(4) "Electric utility" has the meaning assigned by Section 31.002, Utilities Code.

(5) "ERCOT" has the meaning assigned by Section 31.002, Utilities Code.

(6) "ERCOT organization" means the independent organization certified under Section 39.151, Utilities Code, for the ERCOT region.

(b) The Electric Grid Security Advisory Committee is created. The committee is composed of the following members:

(1) four members appointed by the governor to study electromagnetic pulse threats; and

(2) four members appointed by the governor to study cybersecurity.

(1) cybersecurity;

(2) electromagnetic interference;

(3) electric power generation or transmission;

(4) electromagnetic pulse hardening;

(5) physical security and controls;

(6) space physics and weather;

(7) supervisory controls and data acquisition; or

(8) emergency preparedness.

(d) The governor shall designate a member of the committee to serve as presiding officer.

(e) The committee shall convene at the call of the presiding officer.

(f) The committee shall study critical infrastructure and its vulnerability to electromagnetic pulse and cybersecurity threats. The study must:

(1) evaluate and summarize the current state of the electric grid and associated computer systems and networks;

(2) consider potential security threats to the electric grid and associated computer systems and networks;

(4) recommend measures to secure the electric grid and associated computer systems and networks against damage; and

(5) develop a recommended strategy to protect and prepare critical infrastructure in the ERCOT region against threats.

(g) The committee may use research and data on electromagnetic pulse threats and cybersecurity gathered by the Electric Power Research Institute.

(h) The committee may share its findings with any state agency it considers important to the security of the electric grid or associated computer systems or networks. To the extent allowed by law, a state agency with which the committee shares information is encouraged to implement any recommendations that the agency determines will improve the security of the state's electric grid or associated computer systems or networks.

(i) The ERCOT organization shall cooperate with the committee to provide any information and resources the committee considers important to the study.

(j) A member of the committee is not entitled to compensation but is entitled to reimbursement for the member's travel expenses as provided by Chapter 660, Government Code, and the General Appropriations Act.

(k) A vacancy on the task force shall be filled for the unexpired term in the same manner as the original appointment.

(l) The committee is not subject to Chapter 2110, Government Code.

(m) Not later than December 1, 2018, the committee shall prepare a report of its findings, including any recommendations for legislation resulting from the findings, and shall submit the report to the governor.

(n) The committee's work relates to sensitive matters of security. Notwithstanding any other law, the meetings, work, and findings of the committee are not subject to the requirements of Chapter 551 or 552, Government Code. Each member of the committee shall sign a nondisclosure agreement stating that the member will not disclose to the public any sensitive or identifiable information related to grid security measures or plans.

(o) This section is not intended to penalize electric providers in this state. If deficiencies in the security of the electric grid in the ERCOT region are determined through the process established in this section and the legislature, in consultation with the governor, determines upgrades to the electric grid are necessary, the legislature shall determine whether upgrades will be funded by appropriating general revenue funds or through a ratepayer cost recovery mechanism.

(p) The committee is abolished and this section expires on December 31, 2018.

SECTION 2. Subchapter Z, Chapter 39, Utilities Code, is amended.

SECTION 2. Same as introduced version.

SECTION 3. The governor, the lieutenant governor, and the speaker of the house of representatives shall appoint members to the Electric Grid Security Advisory Committee, as required by this Act, as soon as practicable after the effective date of this Act, but not later than the 120th day after the effective date of this Act.

SECTION 3. The governor shall appoint members to the Electric Grid Security Advisory Committee, as required by this Act, as soon as practicable after the effective date of this Act, but not later than the 120th day after the effective date of this Act.

SECTION 4. This Act takes effect immediately if it receives a vote of two-thirds of all the members elected to each house, as provided by Section 39, Article III, Texas Constitution. If this Act does not receive the vote necessary for immediate effect, this Act takes effect September 1, 2017.

SECTION 4. Same as introduced version.