|
|
|
A BILL TO BE ENTITLED
|
|
AN ACT
|
|
relating to protection of energy critical infrastructure from |
|
electromagnetic, geomagnetic, terrorist, and cyber-attack threats. |
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
SECTION 1. Chapter 418, Government Code, is amended by |
|
adding Subchapter I to read as follows: |
|
SUBCHAPTER I. ELECTROMAGNETIC THREAT PREPAREDNESS |
|
Sec. 418.201. ELECTROMAGNETIC THREAT PREPAREDNESS TASK |
|
FORCE. (a) In this section, "energy critical infrastructure" |
|
means an electrical power-generating facility, substation, |
|
switching station, electrical control center, or electrical |
|
transmission or distribution facility and includes an associated |
|
electronic control center and other electronic infrastructure used |
|
in electric power delivery. |
|
(b) The electromagnetic threat preparedness task force is |
|
created. The task force shall develop a comprehensive recovery |
|
plan. |
|
(c) The task force consists of 10 members appointed by the |
|
chief described by Section 418.041. Each member must be a regional |
|
emergency management representative. |
|
(d) The task force shall: |
|
(1) identify and develop technical and electronic |
|
resources to assist the division in the division's functions; |
|
(2) implement a program to educate owners and |
|
operators of energy critical infrastructure and vital utility |
|
facilities and emergency responders about electromagnetic, |
|
geomagnetic, and cyber-attack threats; |
|
(3) evaluate emergency planning and response |
|
technologies related to electromagnetic, geomagnetic, and |
|
cyber-attack threats; |
|
(4) develop a comprehensive threat protection and |
|
recovery plan for energy critical infrastructure and vital utility |
|
facilities of this state against electromagnetic, geomagnetic, |
|
terrorist, and cyber-attack threats; and |
|
(5) identify and compile a comprehensive list of |
|
contractors capable of performing work to increase the security of |
|
the electric grid. |
|
(e) Information collected by the task force related to the |
|
security of the electric grid is confidential and is not subject to |
|
disclosure under Chapter 552. |
|
(f) Not later than September 1, 2018, the task force shall |
|
prepare and submit to the governor and the legislature a report of |
|
the task force's findings and recommendations. |
|
(g) A member of the task force established under this |
|
section is not entitled to compensation. Members may be reimbursed |
|
for expenses as follows: |
|
(1) a member is entitled to reimbursement for travel |
|
and other necessary expenses as provided in the General |
|
Appropriations Act; and |
|
(2) a member appointed as a representative of a state |
|
agency is eligible for reimbursement for travel and other necessary |
|
expenses according to the applicable agency's policies. |
|
(h) This section expires September 1, 2018. |
|
Sec. 418.202. TECHNOLOGICAL HAZARDS. (a) In this section, |
|
"energy critical infrastructure" means an electrical |
|
power-generating facility, substation, switching station, |
|
electrical control center, or electrical transmission or |
|
distribution facility and includes an associated electronic |
|
control center and other electronic infrastructure used in electric |
|
power delivery. |
|
(b) The division shall implement the comprehensive threat |
|
protection and recovery plan developed by the electromagnetic |
|
threat preparedness task force for energy critical infrastructure |
|
and vital utility facilities of this state against electromagnetic, |
|
geomagnetic, terrorist, and cyber-attack threats. |
|
(c) The governor may instruct an agency to take actions as |
|
are necessary to implement the comprehensive threat protection and |
|
recovery plan developed by the electromagnetic threat preparedness |
|
task force. |
|
(d) Information collected by the division related to the |
|
security of the electric grid is confidential and is not subject to |
|
disclosure under Chapter 552. |
|
SECTION 2. Chapter 39, Utilities Code, is amended by adding |
|
Subchapter M to read as follows: |
|
SUBCHAPTER M. GRID SECURITY |
|
Sec. 39.601. INFORMATION RELATED TO GRID SECURITY. The |
|
independent organization certified under Section 39.151 shall |
|
collect and compile information related to the security of the |
|
electric grid. The information is confidential and is not subject |
|
to disclosure under Chapter 552, Government Code. |
|
Sec. 39.602. ELECTRIC GRID SECURITY PROGRAM. (a) In this |
|
section: |
|
(1) "Committee" means the Electric Grid Security |
|
Advisory Committee. |
|
(2) "Energy critical infrastructure" has the meaning |
|
assigned by Section 418.202, Government Code. |
|
(b) The commission shall establish a program to meet |
|
implementation deadlines and pay costs incurred to increase the |
|
security of the electric grid in ERCOT. The program must be |
|
designed to pay for: |
|
(1) an audit related to security of the electric grid |
|
and associated computer systems and networks conducted by: |
|
(A) an independent security expert for a |
|
transmission and distribution utility; |
|
(B) an independent organization certified by the |
|
commission under Section 39.151; |
|
(C) an electric cooperative; |
|
(D) a river authority; or |
|
(E) a municipally owned utility operating in |
|
ERCOT; |
|
(2) reimbursement of an investment made or expense |
|
incurred to implement a measure recommended by the committee or |
|
implement a recommendation made in an audit conducted under |
|
Subdivision (1) by: |
|
(A) a transmission and distribution utility; |
|
(B) an independent organization certified by the |
|
commission under Section 39.151; |
|
(C) an electric cooperative; |
|
(D) a river authority; or |
|
(E) a municipally owned utility operating in |
|
ERCOT; |
|
(3) an expense incurred by the committee related to |
|
the retention of a consultant or other necessary expert to assist |
|
the committee in performing a duty of the committee; |
|
(4) reimbursement to a member of the committee for |
|
travel expenses; and |
|
(5) reimbursement of a cost incurred by the commission |
|
in administering this section. |
|
(c) Entities other than the commission seeking |
|
reimbursement from the program shall provide adequate |
|
documentation to the committee to demonstrate that the investment, |
|
expense, or cost is eligible for reimbursement under this section. |
|
The commission shall authorize reimbursement of an eligible |
|
investment, expense, or cost on receipt of a certification from the |
|
committee that the item is eligible under this section not later |
|
than five business days after the date of the receipt of a valid |
|
certification. |
|
(d) The commission shall report each quarter the total |
|
amount paid by the program for each of the categories listed in |
|
Subsection (b) to the governor, lieutenant governor, and speaker of |
|
the house of representatives. |
|
(e) This section does not prevent recovery authorized by |
|
this title for a cost incurred through a reasonable and necessary |
|
expenditure related to an ongoing effort to secure electric |
|
facilities from physical and cybersecurity threats by: |
|
(1) a transmission and distribution utility; |
|
(2) an independent organization certified by the |
|
commission under Section 39.151; |
|
(3) an electric cooperative; |
|
(4) a river authority; or |
|
(5) a municipally owned utility operating in ERCOT. |
|
(f) The program may not pay for an audit described by |
|
Subsection (b)(1) that is conducted by an independent security |
|
expert unless the expert meets professional standards adopted by |
|
commission rule that are at least as stringent as those required for |
|
certification as a: |
|
(1) certified information systems security |
|
professional (CISSP) by the International Information System |
|
Security Certification Consortium; or |
|
(2) global industrial cyber security professional |
|
(GICSP) by the Global Information Assurance Certification. |
|
Sec. 39.603. GRID SECURITY ADVISORY COMMITTEE. (a) The |
|
Electric Grid Security Advisory Committee is composed of the |
|
following members: |
|
(1) two members appointed by the governor; |
|
(2) two members appointed by the lieutenant governor; |
|
and |
|
(3) two members appointed by the speaker of the house |
|
of representatives. |
|
(b) The governor shall designate a member of the committee |
|
to serve as presiding officer. |
|
(c) The committee shall convene at the call of the presiding |
|
officer. |
|
(d) The committee shall study the Texas electric grid and |
|
the computer systems and networks related to the grid. The study |
|
must: |
|
(1) evaluate and summarize the current state of the |
|
electric grid and associated computer systems and networks; |
|
(2) research and consider potential security threats |
|
to the electric grid and to associated computer systems and |
|
networks; |
|
(3) assess whether further efforts are needed to |
|
secure the electric grid and associated computer systems and |
|
networks against damage, including the threat of electromagnetic |
|
pulse or other attacks and natural threats, including solar flares; |
|
(4) recommend measures to secure the electric grid and |
|
associated computer systems and networks against damage; |
|
(5) recommend a program to develop technical expertise |
|
in the protection of the electric transmission and distribution |
|
system against electromagnetic, geomagnetic, and cyber-attack |
|
threats; |
|
(6) determine energy critical infrastructure and |
|
vital utility facilities that are at risk from electromagnetic, |
|
geomagnetic, and cyber-attack threats; |
|
(7) evaluate technologies available to improve the |
|
resiliency of energy critical infrastructure and vital utility |
|
facilities against electromagnetic, geomagnetic, or cyber-attack |
|
threats; |
|
(8) evaluate the capabilities of energy critical |
|
infrastructure and vital utility facilities to recover from |
|
electromagnetic, geomagnetic, or cyber-attack threats; and |
|
(9) develop a comprehensive plan to protect the energy |
|
critical infrastructure and vital utility facilities of this state |
|
against electromagnetic, geomagnetic, terrorist, and cyber-attack |
|
threats. |
|
(e) The committee may share its findings with any state |
|
agency it considers important to the security of the electric grid |
|
or associated computer systems or networks. To the extent allowed |
|
by law, a state agency with which the committee shares information |
|
is encouraged to implement any recommendations that the agency |
|
determines will improve the security of the state's electric grid |
|
or associated computer systems or networks. |
|
(f) ERCOT shall cooperate with the committee to provide any |
|
information and resources the committee considers important to the |
|
study. |
|
(g) A member of the committee is not entitled to |
|
compensation but is entitled to reimbursement for the member's |
|
travel expenses as provided by Chapter 660, Government Code, and |
|
the General Appropriations Act. |
|
(h) A vacancy on the committee shall be filled for the |
|
unexpired term in the same manner as the original appointment. |
|
(i) The committee is not subject to Chapter 2110, Government |
|
Code. |
|
(j) Not later than December 1, 2018, the committee shall |
|
prepare a report of its findings, including any recommendations for |
|
legislation resulting from the findings, and shall submit the |
|
report to the governor, the lieutenant governor, and the speaker of |
|
the house of representatives. |
|
(k) The committee's work relates to sensitive matters of |
|
security. Notwithstanding any other law, the meetings, work, and |
|
findings of the committee are not subject to the requirements of |
|
Chapter 551 or 552, Government Code. |
|
Sec. 39.604. GRID PROTECTION. (a) This section applies to: |
|
(1) a transmission and distribution utility; |
|
(2) an electric cooperative operating in ERCOT; |
|
(3) a river authority operating in ERCOT; and |
|
(4) a municipally owned utility operating in ERCOT. |
|
(b) Not later than December 31, 2018, each entity to which |
|
this section applies shall assess and report to the technological |
|
hazards unit of the Texas Division of Emergency Management the |
|
vulnerabilities the equipment, facilities, and systems the utility |
|
uses to provide power have from the following: |
|
(1) a high altitude electromagnetic pulse device; |
|
(2) geomagnetic storms; and |
|
(3) intentional electromagnetic interference. |
|
(c) Not later than December 31, 2021, each entity to which |
|
this section applies shall complete enhancements to transformers, |
|
control centers, substations, and other equipment sufficient to |
|
comply with the following standards, as applicable to the equipment |
|
or facility: |
|
(1) MIL-STD 188-125-1, "High-Altitude Electromagnetic |
|
Pulse (HEMP) Protection for Ground-Based C4I Facilities Performing |
|
Critical, Time-Urgent Missions, Part 1: Fixed Facilities," April 7, |
|
2005; |
|
(2) Cigré TB 600, "Protection of High-Voltage Power |
|
Network Control Electronics Against Intentional Electromagnetic |
|
Interference (IEMI)," November 2014; |
|
(3) IEEE Std 1642-2015, "IEEE Recommended Practice for |
|
Protecting Publicly Accessible Computer Systems from Intentional |
|
Electromagnetic Interference (IEMI)"; |
|
(4) IEC/TR 61000-1-3 Ed. 1.0 (2002-06): |
|
Electromagnetic compatibility (EMC) - Part 1-3: General - The |
|
effects of high-altitude EMP (HEMP) on civil equipment and systems; |
|
(5) IEC/TR 61000-1-5 Ed. 1.0 (2004-11): |
|
Electromagnetic compatibility (EMC) - Part 1-5: General - High |
|
power electromagnetic (HPEM) effects on civil systems; |
|
(6) IEC 61000-2-9 Ed. 1.0 (1996-02): Electromagnetic |
|
compatibility (EMC) - Part 2: Environment - Section 9: Description |
|
of HEMP environment - Radiated disturbance; |
|
(7) IEC 61000-2-10 Ed. 1.0 (1998-11): Electromagnetic |
|
compatibility (EMC) - Part 2-10: Environment - Description of HEMP |
|
environment - Conducted disturbance; |
|
(8) IEC 61000-2-11 Ed. 1.0 (1999-10): Electromagnetic |
|
compatibility (EMC) - Part 2-11: Environment - Classification of |
|
HEMP environments; |
|
(9) IEC 61000-2-13 Ed. 1.0 (2005-03): Electromagnetic |
|
compatibility (EMC) - Part 2-13: Environment - High-power |
|
electromagnetic (HPEM) environments - Radiated and conducted; |
|
(10) IEC 61000-4-23 Ed. 1.0 (2000-10): |
|
Electromagnetic compatibility (EMC) - Part 4-23: Testing and |
|
measurement techniques - Test methods for protective devices for |
|
HEMP and other radiated disturbances; |
|
(11) IEC 61000-4-24 Ed. 1.0 (2011-15): |
|
Electromagnetic compatibility (EMC) - Part 4: Testing and |
|
measurement techniques - Section 24: Test methods for protective |
|
devices for HEMP conducted disturbance; |
|
(12) IEC 61000-4-25 Ed. 1.1 (2012-05): |
|
Electromagnetic compatibility (EMC) - Part 4-25: Testing and |
|
measurement techniques - HEMP immunity test methods for equipment |
|
and systems; |
|
(13) IEC 61000-4-36 Ed. 1.0 (2014-11): |
|
Electromagnetic compatibility (EMC) - Part 4-36: Testing and |
|
measurement techniques - IEMI immunity test methods for equipment |
|
and systems; |
|
(14) IEC/TR 61000-5-3 Ed. 1.0 (1999-07): |
|
Electromagnetic compatibility (EMC) - Part 5-3: Installation and |
|
mitigation guidelines - HEMP protection concepts; |
|
(15) IEC/TR 61000-5-6 Ed. 1.0 (2002-06): |
|
Electromagnetic compatibility (EMC) - Part 5-6: Installation and |
|
mitigation guidelines - Mitigation of external EM influences; |
|
(16) IEC/TS 61000-5-8 Ed. 1.0 (2009-08): |
|
Electromagnetic compatibility (EMC) - Part 5-8: Installation and |
|
mitigation guidelines - HEMP protection methods for the distributed |
|
infrastructure; |
|
(17) IEC/TS 61000-5-9 Ed. 1.0 (2009-07): |
|
Electromagnetic compatibility (EMC) - Part 5-9: Installation and |
|
mitigation guidelines - System-level susceptibility assessments |
|
for HEMP and HPEM; and |
|
(18) IEC 61000-6-6 Ed. 1.0 (2003-04): Electromagnetic |
|
compatibility (EMC) - Part 6-6: Generic standards - HEMP immunity |
|
for indoor equipment. |
|
(d) An entity to which this section applies that is required |
|
to complete enhancements under this section may recover costs |
|
incurred in completing the enhancements from the reimbursement |
|
program established under Section 39.602. |
|
SECTION 3. The governor, the lieutenant governor, and the |
|
speaker of the house of representatives shall appoint members to |
|
the Electric Grid Security Advisory Committee, as required by this |
|
Act, as soon as practicable after the effective date of this Act, |
|
but not later than the 120th day after the effective date of this |
|
Act. |
|
SECTION 4. This Act takes effect immediately if it receives |
|
a vote of two-thirds of all the members elected to each house, as |
|
provided by Section 39, Article III, Texas Constitution. If this |
|
Act does not receive the vote necessary for immediate effect, this |
|
Act takes effect September 1, 2017. |