This website will be unavailable from Friday, April 26, 2024 at 6:00 p.m. through Monday, April 29, 2024 at 7:00 a.m. due to data center maintenance.

 
 
  By: Shaheen H.B. No. 4397
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to a cybersecurity monitor for certain electric utilities.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Subchapter D, Chapter 39, Utilities Code, is
  amended by amending Section 39.1516 to read as follows:
         Sec. 39.1516.  CYBERSECURITY MONITOR. (a) In this section,
  "monitored utility" means:
               (1)  a transmission and distribution utility;
               (2)  a corporation described in Section 32.053;
               (3)  a municipally owned utility or electric
  cooperative that owns or operates equipment or facilities in the
  ERCOT power region to transmit electricity at 60 or more kilovolts;
  or
               (4)  an electric utility, municipally owned utility, or
  electric cooperative, or power generation company that operates
  solely outside the ERCOT power region that has elected to
  participate under Subsection (d); or
               (5)  a power generation company
         (b)  The commission and the independent organization
  certified under Section 39.151 shall contract with an entity
  selected by the commission to act as the commission's cybersecurity
  monitor to:
               (1)  manage a comprehensive cybersecurity outreach
  program for monitored utilities;
               (2)  meet regularly with monitored utilities to discuss
  emerging threats, best business practices, and training
  opportunities;
               (3)  review self-assessments voluntarily disclosed by
  monitored utilities of cybersecurity efforts;
               (4)  research and develop best business practices
  regarding cybersecurity; and
               (5)  report to the commission on monitored utility
  cybersecurity preparedness.
         (c)  The independent organization certified under Section
  39.151 shall provide to the cybersecurity monitor any access,
  information, support, and cooperation that the commission
  determines is necessary for the monitor to perform the functions
  described by Subsection (b). The independent organization shall
  use funds from the fee authorized by Section 39.151(e) to pay for
  the cybersecurity monitor's activities.
         (d)  An electric utility, municipally owned utility, or
  electric cooperative, or power generation company that operates
  solely outside the ERCOT power region mayshall elect to
  participate in the cybersecurity monitor program or to discontinue
  participation. The commission shall adopt rules establishing:
               (1)  procedures for an electric utility, municipally
  owned utility, or electric cooperative to notify the commission,
  the independent organization certified under Section 39.151, and
  the cybersecurity monitor that the utility or cooperative elects to
  participate or to discontinue participation; and
               (2)  a mechanism to require an electric utility,
  municipally owned utility, or electric cooperative that elects to
  participate to contribute to the costs incurred by the independent
  organization under this section.
         (e)  The cybersecurity monitor shall operate under the
  supervision and oversight of the commission.
         (f)  The commission shall adopt rules as necessary to
  implement this section and mayshall enforce the provisions of this
  section in the manner provided by this title. This section does not
  grant enforcement authority to the cybersecurity monitor or
  authorize the commission to delegate the commission's enforcement
  authority to the cybersecurity monitor. This section does not
  grant enforcement authority to the commission beyond authority
  explicitly provided for in this title.
         (g)  The staff of the cybersecurity monitor may communicate
  with commission staff about any cybersecurity information without
  restriction. Commission staff shall maintain the confidentiality
  of the cybersecurity information. Notwithstanding any other law,
  commission staff may not disclose information obtained under this
  section in an open meeting or through a response to a public
  information request.
         (h)  Information written, produced, collected, assembled, or
  maintained under Subsection (b), (c), or (g) is confidential and
  not subject to disclosure under Chapter 552, Government Code. A
  governmental body is not required to conduct an open meeting under
  Chapter 551, Government Code, to deliberate a matter described by
  Subsection (b), (c), or (g).
         SECTION 2.  To the extent of any conflict, this Act prevails
  over another Act of the 87th Legislature, Regular Session, 2021,
  relating to nonsubstantive additions to and corrections in enacted
  codes.
         SECTION 3.  This Act takes effect September 1, 2021.