BILL ANALYSIS �Ó 1
SENATE ENERGY, UTILITIES AND COMMUNICATIONS COMMITTEE
ALEX PADILLA, CHAIR
SB 699 - Hill Hearing Date: August 28,
2014 S
As Amended: August 22, 2014 FISCAL B
6
9
9
NOTE : The Assembly amendments create a new bill and this
measure has been referred to the Committee pursuant to Senate
Rule 29.10 (d) for consideration. The Committee may, by a vote
of the majority, either: (1) hold the bill, or (2) return the
bill to the Senate floor for consideration of the bill as
amended in the Assembly.
DESCRIPTION
Current law requires the California Public Utilities Commission
(CPUC) to adopt inspection, maintenance, repair, and replacement
standards for the distribution systems of investor-owned
electric utilities (IOUs). (Public Utilities Code § 364)
This bill requires the CPUC to consider adopting rules to
address physical security risks to the distribution systems of
electrical corporations in a new proceeding, or new phase of an
existing proceeding, by July 1, 2015.
Current law requires that the records of every state agency be
made available for public inspection upon request, with certain
exemptions and subject to procedures. This law is commonly
referred to as the California Public Records Act (CPRA).
Exemptions for specified information are included but an agency
must justify withholding any record by demonstrating that the
record in question is exempt under the law or that on the facts
of the particular case the public interest served by not
disclosing the record clearly outweighs the public interest
served by disclosure of the record. (Government Code § 6250 et
seq.)
�
Current law establishes a presumption against public disclosure
of any information submitted to the CPUC by a public utility
unless the CPUC orders the information to be made public or made
public in the course of a CPUC hearing or proceeding. Any
official or employee of the CPUC who releases confidential
information not ordered for release is guilty of a misdemeanor.
(Public Utilities Code § 583)
This bill authorizes the CPUC to, consistent with other
provisions of law, withhold from the public information
generated or obtained pursuant to these rules that it deems
would pose a security threat to the public if disclosed.
BACKGROUND
HV Transformers - The electric utility industry operates as an
integrated system of generation, transmission, and distribution
facilities to deliver electric power to consumers. In the United
States, this system consists of over 9,000 electric generating
units connected to over 200,000 miles of high-voltage
transmission lines strung between large towers and rated at 230
kilovolts (kV) or greater. This network is interspersed with
hundreds of large electric power transformers whose function is
to adjust electric voltage as needed to move power across the
network. High voltage (HV) transformer units make up less than
3% of transformers in U.S. power substations, but they carry
60%-70% of the nation's electricity. Because they serve as
vital transmission network nodes and carry bulk volumes of
electricity, HV transformers are critical elements of the
nation's electric power grid.
The U.S. electric power grid has historically operated with such
high reliability that any major disruption, either caused by
weather, operational errors, or sabotage, makes news headlines.
Such outages can have considerable negative impacts on business,
government services, and daily life. Notwithstanding its high
reliability overall, the U.S. power grid has periodically
experienced major regional outages. Recent examples include the
Northeast Blackout of 2003 (which affected 55 million customer
in eight states and Canada) and extended outages in the New
�
York/New Jersey area after Superstorm Sandy in 2012.<1>
Grid Vulnerability - The vulnerability of individual transformer
substations has been demonstrated by successful attacks in
recent years. In the most serious case, a rifle attack occurred
in April 2013 at PG&E's 500 kV Metcalf substation south of San
Jose. In this attack, multiple individuals outside the
substation reportedly shot and severely damaged 17 HV
transformer radiators with .30 caliber rounds, causing them to
leak cooling oil, overheat, and become inoperative and requiring
over $15 million worth of repairs. To avert a black-out, the
California Independent System Operator rerouted power from
nearby Silicon Valley-based power plants.
It is very difficult to restore a damaged HV transformer
substation. Transmission experts assert that most HV
transformers currently in service are custom designed and,
therefore, cannot be generally interchanged. Furthermore, at
$3-$5 million per unit or more, maintaining large inventories of
spare HV transformers solely as emergency replacements is
prohibitively costly, so limited extras are on hand.
State and Federal Jurisdiction - Regulatory jurisdiction over
transmission towers and substations is split between state and
federal agencies based on the capacity of the transmission. The
Federal Energy Regulatory Commission, or FERC, is an independent
agency that regulates the interstate transmission of electricity
including the "Bulk-Power System" and related facilities
including some high voltage transmission and substations.
Smaller capacity lines and substations are under the
jurisdiction of the CPUC.
Several grid security guidelines or standards have been
developed or proposed to address the physical security of the
grid, including HV transformers. These standards have been
promulgated by the North American Electric Reliability
---------------------------
<1> Physical Security of the U.S. Power Grid: High-Voltage
Transformer Substations". Congressional Research Service. June
17, 2014.
�
Corporation,<2> at the direction of FERC, as voluntary best
practices since at least 2002, with subsequent revisions.
However, in the wake of the Metcalf incident, FERC has ordered
the imposition of mandatory physical security standards in 2014
which are under development by NERC. The standards are intended
to require, at least:
Risk assessment of facilities to determine criticality;
Evaluation of potential threats and vulnerabilities; and
Development and implementation of a security plan.
Earlier this year the CPUC's Safety and Enforcement Division
(SED) directed the IOUs to "[E]xamine your company's security
programs and make any necessary changes to minimize the
likelihood of a physical or cyber-attack." This direction was
followed by a two-day workshop on security issues. At this
juncture the CPUC reports that it is waiting for finalization of
the NERC standards before taking further action.
Historical CPUC Records Disclosure Policy - Unlike other state
agencies, the CPUC operates under a statute (Public Utilities
Code § 583) which, in practice, has made public access to much
of the information in its proceedings the exception, rather than
the rule without positive action by the CPUC to make those
documents public. According to prior analyses on this issue,
the statute has its origins in a law enacted in 1951.
Notwithstanding the subsequent "open government" reforms in
California reflected in the CPRA, the statutory standard for
public access to utility filings held by the CPUC, has not
fundamentally changed since 1951.
The CPRA gives every person the right to inspect and obtain
copies of all state and local government documents not exempt
from disclosure. Exemptions include corporate financial records
and corporate proprietary information, including trade secrets.
The CPRA also specifically provides that information held by the
CPUC which is deemed confidential under Public Utilities Code §
583 is not required to be disclosed. However, the "exemptions"
of the CPRA are narrowly construed and the fact that a record
may fall within a CPRA exemption does not preclude the CPUC from
disclosing the record if the CPUC believes disclosure is in the
---------------------------
<2> The North American Electric Reliability Corporation (NERC)
is a not-for-profit international regulatory authority whose
mission is to ensure the reliability of the bulk power system in
North America.
�
public interest.
COMMENTS
1. Author's Purpose . According to the author, the security
of our nation's infrastructure is of paramount importance.
The recent sophisticated attack on an electric substation
that a former vice president at PG&E described as a "dress
rehearsal" for future attacks is evidence - not only that
we are vulnerable - but that our vulnerabilities are
clearly understood by those who wish to exploit them. As
has been made clear by a recent National Research Council
report, one of the best ways to protect ourselves from an
attack on the electric grid is to lessen the damage that
any attack can do. If we lessen the consequence of the
failure of any one location or piece of equipment, if we
increase the speed with which we can respond to an outage,
if we can protect critical facilities from power disruption
by using clean distributed generation, then the effort
required for a malicious actor to seriously disrupt our
power delivery system will make the target much less
interesting - and we will be left with a more reliable
grid.
2. Necessity . This bill requires the CPUC to engage in a
public proceeding in which it considers the adoption of
rules to address the physical security risks of the grid.
The work of NERC will inform the process. Current
reliability and safety standards at the state and federal
level do not specifically require IOUs to take steps to
reasonably protect against physical security attacks. This
bill will fill that gap.
It is important to note that there is generally not a "one
size fits all" response to protect against physical
security threats. The effectiveness of the standards will
require due diligence and constant vigilance by the IOUs.
POSITIONS
Sponsor:
�
Author
Support:
None on file.
Oppose:
None on file.
Kellie Smith
SB 699 Analysis
Hearing Date: August 28, 2014