AB 853, as amended, Roger Hernández. Electrical and gas corporations: security of plant and facilities.
Under existing law, the Public Utilities Commission has regulatory authority over public utilities, including electrical corporations and gas corporations, as defined. If the commission finds after a hearing that the rules, practices, equipment, appliances, facilities, or service of any public utility, or of the methods of manufacture, distribution, transmission, storage, or supply employed by the public utility, are unjust, unreasonable, unsafe, improper, inadequate, or insufficient, the Public Utilities Act requires that the commission determine and, by order or rule, fix the rules, practices, equipment, appliances, facilities, service, or methods to be observed, furnished, constructed, enforced, or employed. The Public Utilities Act requires the commission to prescribe rules for the performance of any service or the furnishing of any commodity of the character furnished or supplied by any public utility and, on proper demand and tender of rates, require the public utility to furnish the commodity or render the service within the time and upon the conditions provided in the rules adopted by the commission.
This bill would, to the extent feasible, require an electrical corporation or gas corporation to utilize direct employees, as defined, for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems, unless the utility files a Tier 3 advice letter with the commission that demonstrates that the work can be performed safely and securely, and without jeopardizing the security of its nuclear, electrical, and gas
begin delete infrastructureend delete by
persons that are not direct employees. The bill would require the commission to open a proceeding, or expand the scope of an existing proceeding, to evaluate the advice letter and to hold not less than one duly noticed public hearing for the proceeding. The bill would require the commission to issue a written decision determining whether the electrical corporation or gas corporation may utilize persons that are not direct employees for the described work.
Under existing law, a violation of the Public Utilities Act or any order, decision, rule, direction, demand, or requirement of the commission is a crime.
Because the provisions of this bill would be a part of the act and because a violation of an order or decision of the commission implementing its requirements would be a crime, the bill would impose a state-mandated local program by creating a new crime.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.
Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: yes.
The people of the State of California do enact as follows:
Section 764 is added to the Public Utilities Code,
(a) The Legislature finds and declares all of the following:
4(1) Protecting the security of nuclear, electrical, and natural gas
5utility systems is a paramount state interest.
P3 1(2) Protecting the privacy of ratepayers’ personal information,
2including usage information, is a paramount state interest.
3(3) Recent intrusions into major corporate computer systems,
4including Sony and Anthem Blue Cross, and the theft of
5information from those systems have demonstrated the
6vulnerability of those systems.
7(4) The computer systems of California’s electrical corporations
8and gas corporations have information about the design,
9engineering, and operation of the nuclear, electrical, and natural
10gas utility infrastructure, as well as personal information about
11California ratepayers. This information could be used to
12compromise the security of California’s utility infrastructure and
13the privacy of California’s ratepayers.
14(5) Widespread deployment of smart meters, smart grid
15equipment, and microgrids increases the importance of protecting
16the computer systems of electrical corporations and gas
18(6) The part of any computer system that is most vulnerable to
19being compromised is the personnel who operate that system.
20(7) Electrical corporations and gas corporations should make
21every reasonable effort to protect their computer systems from
23(8) To protect the security of electrical and natural gas utility
24computer systems, including nuclear infrastructure, the information
25technology personnel who operate those systems should be direct
26employees of the electrical corporation or gas corporation.
27(9) To protect the security of nuclear, electrical, and gas utility
28infrastructure, the design, engineering, and operation of that
29infrastructure should, to the extent feasible, be performed by direct
30employees of the electrical corporation or gas corporation.
31(b) For purposes of this section, “direct employees”
32construction or maintenance work include the employees of a
33contractor or subcontractor licensed in California and working
34under the direct supervision of the electrical corporation or gas
36(c) To the extent feasible, an electrical corporation or gas
37corporation shall utilize direct employees for any work associated
38with the design, engineering, and operation of its nuclear, electrical,
39and gas infrastructure, including all computer and information
40technology systems, unless the utility complies with the
P4 1requirements of this section and obtains the approval of the
2commission pursuant to this section.
3(d) Before utilizing persons that are not direct employees for
4work associated with the design, engineering, and operation of its
5nuclear, electrical, and gas infrastructure, including all computer
6and information technology systems, an electrical corporation or
7gas corporation shall file a Tier 3 advice letter with the commission
8that demonstrates that the work can be performed safely and
9securely, and without jeopardizing the security of its nuclear,
10electrical, and gas infrastructure.
11(e) The commission shall open a proceeding, or expand the
12scope of an existing proceeding, to evaluate the advice letter. The
13commission shall hold not less than one duly noticed public hearing
14for the proceeding. The commission shall issue a written decision
15determining whether the electrical corporation or gas corporation
16may utilize persons that are not direct employees for the described
No reimbursement is required by this act pursuant to
24Section 6 of Article XIII B of the California Constitution because
25the only costs that may be incurred by a local agency or school
26district will be incurred because this act creates a new crime or
27infraction, eliminates a crime or infraction, or changes the penalty
28for a crime or infraction, within the meaning of Section 17556 of
29the Government Code, or changes the definition of a crime within
30the meaning of Section 6 of Article XIII B of the California