BILL ANALYSIS

AB 853
Page 1

Date of Hearing: April 27, 2015

ASSEMBLY COMMITTEE ON UTILITIES AND COMMERCE
Anthony Rendon, Chair

AB 853 (Roger Hernández) - As Amended March 24, 2015

SUBJECT: Electrical and gas corporations: security of plant and facilities

SUMMARY: This bill requires an electrical or gas corporation to utilize direct employees for any work associated with its infrastructure and computer systems, as specified. Specifically, this bill:

a) Requires an electrical or gas corporation, to the extent feasible, to utilize direct employees for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems.

b) Defines "direct employees" for construction or maintenance work to include the employees of a contractor or subcontractor licensed in California and working under the direct supervision of the electrical or gas corporation.

c) Requires an electrical or gas corporation, before utilizing non-direct employees, to file a Tier 3 advice letter with the California Public Utilities Commission (CPUC) that demonstrates that the work can be performed safely and securely, and without jeopardizing the security of its nuclear, electrical, and gas infrastructure.

d) Requires the CPUC to open a proceeding, or expand the scope of an existing proceeding, to evaluate the advice letter and hold at least one duly noticed public hearing for the proceeding.

e) Requires the CPUC to issue a written decision determining whether the electrical or gas corporation may utilize persons that are not direct employees for the described work.

EXISTING LAW:

1) Gives the CPUC regulatory authority over public utilities, including electrical corporations and gas corporations, as defined.
(Public Utilities Code Sections 218 and 222)

2) Requires the CPUC, whenever it finds after a hearing that the rules, practices, equipment, appliances, facilities, or service of any public utility, or the methods of manufacture, distribution, transmission, storage, or supply employed by it, are unjust, unreasonable, unsafe, improper, inadequate, or insufficient, to determine and, by order or rule, fix the rules, practices, equipment, appliances, facilities, service, or methods to be observed, furnished, constructed, enforced, or employed. (Public Utilities Code Section 761)

3) Requires the CPUC to prescribe rules for the performance of any service or the furnishing of any commodity of the character furnished or supplied by any public utility, and, on proper demand and tender of rates, require such public utility to furnish such commodity or render such service within the time and upon the conditions provided in such rules. (Public Utilities Code Section 761)

FISCAL EFFECT: Unknown.

COMMENTS:

1) Author's Statement: "Protecting the security of nuclear, electric and natural gas utility systems (as well as the privacy of ratepayer personal information) is a paramount state interest. However, recent intrusions into major corporate computer systems such as Sony and Anthem Blue Cross and theft of information from those systems have demonstrated the vulnerability of those systems. ... Electrical corporations and gas corporations should make every reasonable effort to protect their computer systems from unauthorized intrusions. Unfortunately, recent events have raised concerns about the safety and security of such systems. ... AB 853 will prohibit an electric or gas corporation from outsourcing critical nuclear, electrical and gas infrastructure work, including computer and information technology systems, without first obtaining approval from the Public Utilities Commission."

2) Background: Recently, Southern California Edison (SCE) announced plans to lay off hundreds of employees and hire foreign workers. SCE announced that it was laying off about 400 information technology employees, with an additional 100 leaving voluntarily. SCE said that it was outsourcing some tech-related work to two Indian companies, Infosys in Bangalore and Tata Consultancy Services in Mumbai, after looking at multiple firms. According to SCE, about 70% of the work done by Tata and Infosys will be completed offshore, but SCE did not know whether or not foreign workers would be brought to the US to complete the remaining 30% of the work. SCE said the layoffs are necessary to stay competitive. In addition, some of the foreign workers hired by SCE are in the US because of the H-1B visa.

The H-1B visa allows United States (US) companies to temporarily hire foreign workers in certain occupations. The number of visas is capped at 65,000 (plus 20,000 for workers with master's degrees) annually. The visa is a way to encourage foreign workers with specific expertise, mostly in science, technology, engineering, and mathematics related fields, to work in the US in areas where there is a shortage of US workers.

In March 2015, the US Senate Judiciary Committee held a hearing on "Immigration Reforms Needed to Protect Skilled American Workers." The hearing focused on problems with the H-1B and other visa programs. The hearing noted that the visas are used to bring high-skilled workers into the US so that companies can continue to attract world-class talent and continue to lead on the global stage. However, the hearing highlighted troubling stories of abuses that have caused the displacement of American workers, and noted that these visa programs are to be used to complement the US workforce, not displace it.

3) Security of Utility Infrastructure: This bill declares that protecting the security of nuclear, electrical, and natural gas utility systems, as well as the privacy of ratepayers' personal information, is a paramount state interest. It further declares that the computer systems of California's electrical and gas corporations have information about the design, engineering, and operation of the utility infrastructure, and that this information could be used to compromise the security of California's utility infrastructure and the privacy of California ratepayers.

In light of the recent intrusions into major corporate computer systems, the bill notes that the part of any computer system that is most vulnerable to being compromised is the personnel who operate the system. The bill declares that electrical and gas corporations should make every reasonable effort to protect their computer systems from unauthorized intrusions and, to do so, the information technology personnel who operate those systems should be direct employees of the utility.

This bill would require an electrical or gas corporation to use direct employees for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information systems, to the extent feasible. Furthermore, this bill would prohibit an electrical or gas corporation from using a non-direct employee unless it files a Tier 3 advice letter with the CPUC that demonstrates that the work can be performed safely and securely, and without jeopardizing the security of the utility's infrastructure. The CPUC must then open a proceeding, or expand the scope of an existing one, to evaluate the advice letter, hold at least one public hearing, and issue a written decision determining whether the electrical or gas corporation may utilize the non-direct employee for the described work.

The author may wish to clarify that it intends to apply this bill only to electric or gas public utilities and not all electrical corporations and gas corporations.

4) Suggested Amendments:

764. (a) The Legislature finds and declares all of the following:

(1) Protecting the security of nuclear, electrical, and natural gas utility systems is a paramount state interest.

(2) Protecting the privacy of ratepayers' personal information, including usage information, is a paramount state interest.

(3) Recent intrusions into major corporate computer systems, including Sony and Anthem Blue Cross, and the theft of information from those systems have demonstrated the vulnerability of those systems.

(4) The computer systems of California's electrical corporations and gas corporations have information about the design, engineering, and operation of the nuclear, electrical, and natural gas utility infrastructure, as well as personal information about California ratepayers. This information could be used to compromise the security of California's utility infrastructure and the privacy of California's ratepayers.

(5) Widespread deployment of smart meters, smart grid equipment, and microgrids increases the importance of protecting the computer systems of electrical corporations and gas corporations.

(6) The part of any computer system that is most vulnerable to being compromised is the personnel who operate that system.

(7) Electrical corporations and gas corporations should make every reasonable effort to protect their computer systems from unauthorized intrusions.

(8) To protect the security of electrical and natural gas utility computer systems, including nuclear infrastructure, the information technology personnel who operate those systems should be direct employees of the [delete: electrical corporation or gas corporation] [insert: electric or gas public utility].

(9) To protect the security of nuclear, electrical, and gas utility infrastructure, the design, engineering, and operation of that infrastructure should, to the extent feasible, be performed by direct employees of the [delete: electrical corporation or gas corporation] [insert: electric or gas public utility].

(b) For purposes of this section, "direct employees" for construction or maintenance work include the employees of a contractor or subcontractor licensed in California and working under the direct supervision of the [delete: electrical corporation or gas corporation] [insert: electric or gas public utility].

(c) To the extent feasible, an [delete: electrical corporation or gas corporation] [insert: electric or gas public utility] shall utilize direct employees for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems, unless the utility complies with the requirements of this section and obtains the approval of the commission pursuant to this section.

(d) Before utilizing persons that are not direct employees for work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems, an [delete: electrical corporation or gas corporation] [insert: electric or gas public utility] shall file a Tier 3 advice letter with the commission that demonstrates that the work can be performed safely and securely, and without jeopardizing the security of its nuclear, electrical, and gas infrastructure.

(e) The commission shall open a proceeding, or expand the scope of an existing proceeding, to evaluate the advice letter. The commission shall hold not less than one duly noticed public hearing for the proceeding. The commission shall issue a written decision determining whether the [delete: electrical corporation or gas corporation] [insert: electric or gas public utility] may utilize persons that are not direct employees for the described work.

1) Arguments in Support: According to the Coalition of California Utility Employees, the sponsor of the bill, "while the actions of SCE as an employer are deplorable, this activity rings alarm bells that need to be addressed. Outsourcing any information technology work to foreign companies that operate off of our borders makes vulnerable grid systems, customer data, sites of extremely high danger and sensitivity without any oversight. This kind of access is a direct threat to our national security and integrity of grid systems that in some cases include nuclear power. AB 853 is needed to ensure that if any work is going to be outsourced that security and safety measures are in place to guarantee the integrity of the data and information that is at the fingertips of these foreign staffing companies. While we would hope that employers like SCE would not abuse well-intentioned programs like the H1B visa program and would instead prefer to keep a locally based, engaged and well trained work force we realize that some companies' bottom line is more important. While we never stop fighting for the rights of all workers we must not let these abusers endanger our grid systems and our safety."

REGISTERED SUPPORT / OPPOSITION:

Support

Coalition of California Utility Employees (Sponsor)
California Labor Federation
California State Association of Electrical Workers
California State Pipe Trades Council
Elevator Constructors Union
Western States Council of Sheet Metal Workers

Opposition

None on file.

Analysis Prepared by: Edmond Cheung / U. & C. / (916) 319-2083