BILL ANALYSIS
|
Senate Research Center |
S.B. 330 |
|
88R3548 CXP-F |
By: Hall et al. |
|
|
Business & Commerce |
|
|
3/24/2023 |
|
|
As Filed |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
Currently, the electric grid is vulnerable to a wide range of both natural and man-made existential threats, including cyber-attacks, malware, electromagnetic pulses (EMP) and geomagnetic disturbances (GMD) that would, at best, disrupt the grid, and at worst, cause the entire grid to go down.
Electricity is the second most important thing for sustaining life as we now know it and impacts almost every aspect of our modern life: healthcare, transportation, banking, sanitation, water, and food. Currently, Texas does not have a robust plan in place to address a widespread, long-term power outage. Since electricity is vital for survival, if the grid goes down, thousands of people risk losing their lives.
S.B. 330
� Would create the Texas Grid Security Commission (TGSC) under the direction of the Texas Department of Emergency Management (TDEM) to evaluate all hazards to the ERCOT electric grid and vulnerabilities of essential service systems for municipalities.
� Would require TGSC to develop standards and recommend a plan to harden critical infrastructure in the state to make a resilient grid.
� Would require TGSC to evaluate resiliency of essential service systems of municipalities and develop standards and recommend a plan for resilient communities. These systems would provide citizens with reliable services in the event of a long-term power outage and a path toward expeditious electrical and economic recovery.
� Would require TGSC to create a state-wide plan for protection from catastrophic loss of power.
� Would require TGSC to establish resiliency standards for micro-grids and certify a micro-grid that meets these standards.
� Would require the TGSC to develop a recommended timeline to implement the plan for protection of all hazards and resiliency standards for municipalities.
� Would require the Public Utility Commission, ERCOT, and the Railroad Commission to oversee the implementation of the plan by validating that the recommendations of TGSC are implemented as specified in the timeline and to begin tracking compliance within six months after the plan is submitted to the legislature.
� Would require each business or entity subject to the resiliency plan to make publicly available on their website the status of their compliance with the hardening/resiliency standards.
� Would require regulatory agencies to establish rates for resiliency cost recovery.
� Includes a provision to ensure the confidentiality of information provided for an assessment of vulnerabilities by requiring the information to be maintained at ERCOT and that it be accessible only to individuals with appropriate security clearances.
� Enables PUC, ERCOT, and RRC to access penalties on entities that do not comply with the standards for resiliency as outlined in TGSC's plan.
As proposed, S.B. 330 amends current law relating to the resilience of the electric grid and certain municipalities and authorizes an administrative penalty.
RULEMAKING AUTHORITY
Rulemaking authority is expressly granted to the Railroad Commission of Texas in SECTION 2 (Section 44.012, Utilities Code) of this bill.
Rulemaking authority is expressly granted to Public Utility Commission of Texas in SECTION 2 (Section 44.012, Utilities Code) of this bill.
SECTION BY SECTION ANALYSIS
SECTION 1. Provides that the legislature finds that:
(1) electric grid blackouts threaten the lives of the citizens of this state and pose a disproportionately large risk to:
(A) the elderly, vulnerable, and underprivileged within this state; and
(B) communities facing disproportionate environmental health burdens and population vulnerabilities relating to facilities such as chemical plants and refineries that can become environmental disaster areas when taken off-line due to loss of electricity;
(2) the 16 critical infrastructures identified in President Barack Obama's Presidential Policy Directive "Critical Infrastructure Security and Resilience" (PPD-21) including water and wastewater systems, food and agriculture, communications systems, the energy sector including refineries and fuel distribution systems, chemical plants, the financial sector, hospitals and health care facilities, law enforcement and government facilities, nuclear reactors, and other critical functions depend on the electric grid in this state and make the grid's protection vital to the economy of this nation and homeland security;
(3) the blackout that occurred in this state in February 2021 caused:
(A) death and suffering in this state;
(B) economic loss to this state's economy;
(C) impacts to all critical infrastructures in this state;
(D) the dispatch of generation units that likely exceeded limits established by the Environmental Protection Agency for sulfur dioxide, nitrogen oxide, mercury, and carbon monoxide emissions and wastewater release limits;
(E) radically increased pricing of electricity that resulted in making electric power bills unaffordable to many customers across this state; and
(F) the exacerbation of the COVID-19 pandemic risk by forcing many of the state's citizens to consolidate at warming centers and in other small spaces where warmth for survival superseded social distancing protocols;
(4) a previous large-scale blackout occurred in this state in February 2011 during which 4.4 million customers were affected;
(5) this state is uniquely positioned to prevent blackouts because this state is a net exporter of energy and is the only state with an electric grid almost exclusively within its territorial boundaries;
(6) the 2011 and 2021 blackouts call into question:
(A) whether too much risk has been accepted regarding weatherization of electric generation infrastructure;
(B) whether this state lacks the internal distribution structure and control systems to manage rolling blackouts; and
(C) whether sufficient resources have been allocated toward overall grid resilience;
(7) public confidence in the resilience of the electric grid in this state is essential to ensuring economic prosperity, domestic tranquility, continuity of government, and life-sustaining systems;
(8) a resilient electric grid that offers businesses in this state continuity of operations in the event of a natural or man-made disaster will be an unrivaled attraction for businesses to expand or move their operations to this state and for protecting what is important to this state, including its military installations and its environment;
(9) current market incentives and regulations are not sufficient for electric utilities to:
(A) prioritize grid security and resilience; and
(B) protect the grid against hazards;
(10) protection of the electric grid in this state against hazards would assure businesses and the citizens of this state that the "lights will be back on first in Texas" in the event of a nationwide catastrophe affecting electric infrastructure, sparing catastrophic societal and environmental consequences for this state; and
(11) when this state begins implementation of the plan for all hazards resilience described by Section 44.007, Utilities Code, as added by this Act, to protect the electric grid in this state, short-term and long-term economic benefit will far exceed even the most optimistic estimates of the conventional economic incentives provided by tax abatements to attract businesses to this state.
SECTION 2. Amends Subtitle B, Title 2, Utilities Code, by adding Chapter 44, as follows:
CHAPTER 44. GRID RESILIENCE
Sec. 44.001. DEFINITIONS. Defines "all hazards," "micro-grid," and "security commission."
�Sec. 44.002. TEXAS GRID SECURITY COMMISSION. (a) Provides that the Texas Grid Security Commission (security commission) is composed of the following members:
(1) a representative of the Texas Division of Emergency Management (TDEM) appointed by the chief of TDEM (chief);
(2) a representative of the State Office of Risk Management (SORM) appointed by the risk management board;
(3) a representative from the Public Utility Commission of Texas (PUC) appointed by the PUC;
(4) a representative from the Railroad Commission of Texas (RRC) appointed by RRC;
(5) a representative of the independent organization certified under Section 39.151 (Essential Organizations) for the Energy Reliability Council of Texas (ERCOT) power region appointed by the chief executive officer of that organization;
(6) a representative of the Texas Military Department (TMD) appointed by the adjutant general of TMD;
(7) a representative of the Texas Military Preparedness Commission (TMPC) appointed by TMPC;
(8) a representative of the Office of State-Federal Relations (OSFR) appointed by the director of OSFR;
(9) a representative of the Texas Department of Information Resources (DIR) appointed by the executive director of DIR;
(10) a representative of power generation companies appointed by the chief;
(11) two representatives of transmission and distribution utilities appointed by the chief;
(12) three individuals with expertise in critical infrastructure protection appointed by the chief, to represent the public interest;
(13) one representative appointed by the chief from each of the following essential services sectors: law enforcement; emergency services; communications; water and sewer services; health care; financial services; food and agriculture; transportation; and energy;
(14) an expert in the field of higher education appointed by the chief; and
(15) an expert in the field of electricity markets and regulations appointed by the chief.
(b) Authorizes the chief to invite members or former members of the United States Air Force's Electromagnetic Defense Task Force to the membership of the security commission.
(c) Requires TDEM to designate a member of the security commission to serve as presiding officer.
(d) Authorizes the presiding officer to invite to the membership of the security commission any person whose expertise the security commission considers necessary to carry out the purposes of this chapter.
(e) Requires the security commission to convene at the call of the presiding officer.
(f) Requires the security commission to report to the chief.
(g) Provides that a vacancy on the security commission is filled by appointment for the unexpired term in the same manner as the original appointment.
(h) Requires individuals appointed to the security commission to be residents of this state, to the extent possible.
(i) Authorizes the presiding officer of the security commission or the chief to invite subject matter experts to advise the security commission, including individuals recognized as experts in the fields of electricity markets, cybersecurity of grid control systems, electromagnetic pulse mitigation, terrestrial and solar weather, and micro-grids. Authorizes the presiding officer to invite an individual for this purpose regardless of whether the individual is a resident of this state.
Sec. 44.003. EXECUTIVE COMMITTEE. (a) Provides that the security commission executive committee is composed of the following security commission members selected by the presiding officer:
(1) a representative of TDEM;
(2) a representative of RRC;
(3) a representative of the PUC;
(4) a representative of the independent organization certified under Section 39.151 for the ERCOT power region;
(5) two representatives of transmission and distribution utilities; and
(6) a representative of power generation companies or another member of the security commission with expertise in power generation.
(b) Requires the presiding officer, if two or more members or former members of the United States Air Force's Electromagnetic Defense Task Force join the security commission after being invited under Section 44.002(b), to select two of those members to serve on the executive committee.
(c) Prohibits the security commission from adopting a resilience standard under Section 44.006 unless the executive committee approves the standard.
Sec. 44.004. GRID RESILIENCE INFORMATION. (a) Requires each of the following members of the security commission to apply for a secret security clearance or an interim secret security clearance to be granted by the federal government: the representative of the independent organization certified under Section 39.151 for the ERCOT region; the representative of TDEM; and the representative of SORM.
(b) Provides that a member of the security commission listed under Subsection (a) who is granted an applicable security clearance under that subsection is a member of the information security working group.
(c) Requires the information security working group to determine:
(1) which information received by the security commission that is used in determining the vulnerabilities of the electric grid or that is related to measures to be taken to protect the grid is confidential and not subject to Chapter 552 (Public Information), Government Code;
(2) which members of the security commission are authorized to access which types of information received by the security commission; and
(3) which members, other than members of the working group, should apply for a secret security clearance or interim clearance granted by the federal government.
(d) Requires that information that the information security working group determines is confidential under Subsection (c) be stored and maintained by the independent organization certified under Section 39.151 for the ERCOT power region.
(e) Requires the security commission to maintain a reasonable balance between public transparency and security for information determined to be confidential under Subsection (c).
(f) Provides that nothing in this section abrogates any rights or remedies under Chapter 552, Government Code.
Sec. 44.005. GRID RESILIENCE EVALUATION. (a) Requires the security commission to evaluate, using available information on past blackouts in ERCOT, all hazards to the ERCOT electric grid, including threats that can cause future blackouts. Requires the security commission to evaluate the resilience of municipalities in this state in the following essential areas:
(1) emergency services;
(2) communications systems;
(3) clean water and sewer services;
(4) health care systems;
(5) financial services;
(6) energy systems, including an evaluation of whether energy, electric power, and fuel supplies are protected and available for recovery in the event of a catastrophic power outage; and
(7) transportation systems.
(b) Authorizes the security commission to create groups or teams to address each hazard as necessary. Requires the security commission to assess each hazard both on the likelihood of occurrence of the hazard and the potential consequences of the hazard.
(c) Requires the security commission to identify methods by which this state can support an overall national deterrence policy as proposed by the Cyberspace Solarium Commission, including by:
(1) identifying means to ensure that all hazards resilience for electric utilities supports critical national security functions in this state; and
(2) engaging the Texas National Guard to be trained as first responders to cybersecurity threats to the ERCOT electric grid and other critical infrastructure.
(d) Requires the security commission to evaluate nuclear generation sites in this state, the resilience of each nuclear reactor to all hazards, and the resilience to all hazards of off-site power for critical safety systems that support the reactor and spent fuel. Authorizes the security commission to communicate with the Nuclear Regulatory Commission to accomplish the evaluation.
(e) Requires the security commission to evaluate current Critical Infrastructure Protection standards established by the North American Electric Reliability Corporation and standards set by the National Institute of Standards and Technology to determine the most appropriate standards for protecting grid infrastructure in this state.
(f) Requires the security commission to investigate the steps that local communities and other states have taken to address grid resilience. Authorizes the security commission to request funding to conduct site visits to these locations as required.
(g) Requires the security commission to identify universities based in this state that have expertise in cybersecurity and other matters that can contribute to the security commission's goal of mitigating all hazards to the grid in this state.
(h) Authorizes the security commission, in carrying out the security commission's duties under this section, to solicit information from:
(1) defense contractors with experience protecting defense systems from electromagnetic pulse;
(2) electric utilities that have developed electromagnetic pulse protections for the utilities' grid assets;
(3) the United States Department of Homeland Security; and
(4) the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack.
Sec. 44.006. RESILIENCE STANDARDS. (a) Requires the security commission to develop and adopt resilience standards for municipalities and critical components of the ERCOT electric grid based on the findings of the evaluations and investigations conducted under Section 44.005.
(b) Requires that standards developed and adopted for energy systems of municipalities include provisions to ensure that energy, electric power, and fuel supplies are protected and available for recovery in the event of a catastrophic power outage.
Sec. 44.007. CONTRACTOR SUPPORT FOR CRITICAL SYSTEM AND COMPONENT RESILIENCE. (a) Requires SORM, with assistance from the security commission, to select contractors with proven expertise to identify critical systems and components of the ERCOT electric grid vulnerable to hazards described by Section 44.005(a) with a specific emphasis on the most dangerous cyber and electromagnetic threats.
(b) Requires a contractor selected under Subsection (a) to identify the critical components, including industrial control systems, not later than six months after the date the contractor is engaged.
(c) Requires an entity that owns or operates a component identified by a contractor under Subsection (a) as critical to upgrade the component as necessary for the component to meet the applicable standards set by the security commission under Section 44.006, not later than January 1, 2025.
(d) Requires SORM to select contractors with demonstrated expertise to verify whether an entity with a component identified as critical under Subsection (a) has upgraded components as required by Subsection (c).
Sec. 44.008. PLAN FOR ALL HAZARDS RESILIENCE. (a) Requires the security commission to prepare and deliver to the legislature a plan for protecting the ERCOT electric grid from all hazards, including a catastrophic loss of power in the state, not later than January 1, 2024.
(b) Requires that the plan include:
(1) weatherizing requirements to prevent blackouts from extreme cold weather events, an analysis of whether these requirements would induce cyber vulnerabilities, and an analysis of the associated costs for these requirements;
(2) provisions for installing, replacing, or upgrading industrial control systems and associated networks, or the use of compensating controls or procedures, in critical facilities to address cyber vulnerabilities;
(3) provisions for installing, replacing, or upgrading extra high-voltage power transformers and supervisory control and data acquisition systems to withstand 100 kilovolts/meter E1 electromagnetic pulses and 85 volts/kilometer E3 electromagnetic pulses;
(4) a timeline for making improvements to remaining infrastructure to meet resilience standards adopted by the security commission under Section 44.006;
(5) long-term resilience provisions for supporting industries including: nuclear reactors, materials, and waste; fuel supply; health care; communications; water and sewer services; food supply; and transportation; and
(6) any additional provisions considered necessary by the security commission.
(c) Authorizes the security commission to consult with the Private Sector Advisory Council in developing the plan.
(d) Requires TDEM to incorporate the plan into the state emergency management plan and update the state emergency management plan as necessary to incorporate progressive resilience improvements.
Sec. 44.009. GRID RESILIENCE REPORT. (a) Requires the security commission to prepare and deliver a nonclassified report to the legislature, the governor, and the PUC assessing natural and man-made threats to the electric grid and efforts to mitigate the threats, not later than January 1 of each year.
(b) Requires the security commission to make the report available to the public.
(c) Authorizes the security commission to hold confidential or classified briefings with federal, state, and local officials as necessary in preparing the report.
Sec. 44.010. RESILIENCE COST RECOVERY. Requires a regulatory authority to include in establishing the rates of an electric utility consideration of the costs incurred to install, replace, or upgrade facilities or equipment to meet a resilience standard established under this chapter. Requires a regulatory authority to presume that costs incurred to meet a resilience standard under this chapter are reasonable and necessary expenses.
Sec. 44.011. MICRO-GRIDS. (a) Requires the security commission to establish resilience standards for micro-grids and certify a micro-grid that meets the standards. Requires that the standards be developed for both alternating current and direct current micro-grids.
(b) Prohibits a municipality or other political subdivision from enacting or enforcing an ordinance or other measure that bans, limits, or otherwise regulates inside the boundaries or extraterritorial jurisdiction of the municipality or political subdivision a micro-grid that is certified by the security commission under this section, except as provided by Subsection (c).
(c) Provides that the owner or operator of a micro-grid certified by the security commission is a power generation company and is required to register under Section 39.351(a) (relating to filing requirements for power generation companies). Provides that the owner or operator of the micro-grid is entitled to:
(1) interconnect the micro-grid;
(2) obtain transmission service for the micro-grid; and
(3) use the micro-grid to sell electricity and ancillary services at wholesale in a manner consistent with the provisions of Title 2 (Public Utility Regulatory Act) and PUC rules applicable to a power generation company or an exempt wholesale generator.
Sec. 44.012. COMPLIANCE AND ENFORCEMENT. (a) Requires the PUC by rule to require entities that the PUC determines operate critical components of the ERCOT electric grid to comply with resilience standards adopted by the security commission under this chapter. Provides that this subsection applies only to an entity that is subject to the jurisdiction of the PUC under another provision of Subtitle B (Electronic Utilities). Authorizes the PUC to impose an administrative penalty, in the manner provided by Chapter 15 (Judicial Review, Enforcement, and Penalties), on an entity that is subject to the jurisdiction of the PUC under another provision of this subtitle for a violation of a resilience standard or of Subsection (b).
(b) Requires the PUC by rule to require each entity described by Subsection (a) to make publicly available on an Internet website the entity's compliance status with the resilience standards.
(c) Requires RRC by rule to require entities that RRC determines operate critical components of the ERCOT electric grid to comply with resilience standards adopted by the security commission under this chapter. Provides that this subsection applies only to an entity that is subject to the jurisdiction of RRC under Section 81.051 (Jurisdiction of Commission), Natural Resources Code. Authorizes RRC to impose an administrative penalty, in the manner provided by Chapter 81 (Railroad Commission of Texas), Natural Resources Code, on an entity that is subject to the jurisdiction of RRC as under Section 81.051, Natural Resources Code, for a violation of a resilience standard or of Subsection (d).
(d) Requires RRC by rule to require each entity described by Subsection (c) to make publicly available on an Internet website the entity's compliance status with the resilience standards.
SECTION 3. Requires the security commission to prepare and deliver a report to the legislature on the progress of implementing resilience standards adopted and implemented under Sections 44.006 and 44.007, Utilities Code, as added by this Act, not later than January 1, 2025.
SECTION 4. Effective date: upon passage or September 1, 2023.