Bill Text: NY A10006 | 2019-2020 | General Assembly | Introduced
Bill Title: Relates to critical energy infrastructure security and responsibility; relates to the protection of critical infrastructure in the state.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2020-07-17 - reported referred to rules [A10006 Detail]
Download: New_York-2019-A10006-Introduced.html
STATE OF NEW YORK ________________________________________________________________________ 10006 IN ASSEMBLY March 4, 2020 ___________ Introduced by M. of A. CUSICK -- read once and referred to the Committee on Energy AN ACT to amend the energy law, the executive law and the public service law, in relation to critical energy infrastructure security and responsibility The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. Subdivision 1 of section 3-101 of the energy law, as 2 amended by chapter 253 of the laws of 2013, is amended to read as 3 follows: 4 1. to obtain and maintain an adequate and continuous supply of safe, 5 dependable and economical energy for the people of the state, including 6 through the protection of critical energy infrastructure as defined in 7 subdivision fourteen of section 1-103 of this chapter, and to accelerate 8 development and use within the state of renewable energy sources, all in 9 order to promote the state's economic growth, to create employment with- 10 in the state, to protect its environmental values and agricultural 11 heritage, to husband its resources for future generations, and to 12 promote the health and welfare of its people; 13 § 2. Section 1-103 of the energy law is amended by adding two new 14 subdivisions 14 and 15 to read as follows: 15 14. "Critical energy infrastructure" means systems, including indus- 16 trial control systems, customer electrical or gas consumption data, 17 assets, places or things, whether physical or virtual, so vital to the 18 state that the disruption, incapacitation or destruction of such 19 systems, including industrial control systems, customer electrical or 20 gas consumption data, assets, places or things could jeopardize the 21 health, safety, welfare, energy distribution, transmission, reliability, 22 or security of the state, its residents or its economy. 23 15. "Industrial control systems" means a combination of control compo- 24 nents that support operational functions in gas, distribution, trans- 25 mission, and advanced metering infrastructure control centers, and act 26 together to achieve an industrial objective, including controls that are 27 fully automated or that include a human-machine interface. EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD15175-02-0A. 10006 2 1 § 3. Paragraph (j) of subdivision 2 of section 709 of the executive 2 law, as amended by section 14 of part B of chapter 56 of the laws of 3 2010, is amended to read as follows: 4 (j) work with local, state and federal agencies and private entities 5 to conduct assessments of the vulnerability of critical infrastructure 6 to terrorist attack, cyber attack, and other natural and man-made disas- 7 ters, including, but not limited to, nuclear facilities, power plants, 8 telecommunications systems, mass transportation systems, public road- 9 ways, railways, bridges and tunnels, and attendant industrial control 10 systems as defined by subdivision fifteen of section 1-103 of the energy 11 law and develop strategies that may be used to protect such infrastruc- 12 ture from terrorist attack, cyber attack, and other natural and man-made 13 disasters; 14 § 4. Paragraph (a) of subdivision 19 of section 66 of the public 15 service law, as amended by section 4 of part X of chapter 57 of the laws 16 of 2013, is amended to read as follows: 17 (a) The commission shall have power to provide for management and 18 operations audits of gas corporations and electric corporations. Such 19 audits shall be performed at least once every five years for combination 20 gas and electric corporations, as well as for straight gas corporations 21 having annual gross revenues in excess of two hundred million dollars. 22 The audit shall include, but not be limited to, an investigation of the 23 company's construction program planning in relation to the needs of its 24 customers for reliable service, an evaluation of the efficiency of the 25 company's operations and protection of critical energy infrastructure as 26 defined in subdivision fourteen of section 1-103 of the energy law, 27 recommendations with respect to same, and the timing with respect to the 28 implementation of such recommendations. The commission shall have 29 discretion to have such audits performed by its staff, or by independent 30 auditors. 31 In every case in which the commission chooses to have the audit 32 provided for in this subdivision or pursuant to subdivision fourteen of 33 section sixty-five of this article performed by independent auditors, it 34 shall have authority to select the auditors, and to require the company 35 being audited to enter into a contract with the auditors providing for 36 their payment by the company. Such contract shall provide further that 37 the auditors shall work for and under the direction of the commission 38 according to such terms as the commission may determine are necessary 39 and reasonable. 40 § 5. Paragraph (a) of subdivision 21 of section 66 of the public 41 service law, as added by section 4 of part X of chapter 57 of the laws 42 of 2013, is amended to read as follows: 43 (a) Each electric corporation subject to section twenty-five-a of this 44 chapter shall annually, on or before December fifteenth, submit to the 45 commission an emergency response plan for review and approval. The emer- 46 gency response plan shall be designed for the reasonably prompt restora- 47 tion of service in the case of an emergency event, defined for purposes 48 of this subdivision as an event where widespread outages have occurred 49 in the service territory of the company due to storms, cyber attack, or 50 other causes beyond the control of the company. The emergency response 51 plan shall include, but need not be limited to, the following: (i) the 52 identification of management staff responsible for company operations 53 during an emergency; (ii) a communications system with customers during 54 an emergency that extends beyond normal business hours and business 55 conditions; (iii) identification of and outreach plans to customers who 56 had documented their need for essential electricity for medical needs;A. 10006 3 1 (iv) identification of and outreach plans to customers who had docu- 2 mented their need for essential electricity to provide critical telecom- 3 munications, critical transportation, critical fuel distribution 4 services or other large-load customers identified by the commission; (v) 5 designation of company staff to communicate with local officials and 6 appropriate regulatory agencies; (vi) provisions regarding how the 7 company will assure the safety of its employees and contractors; (vii) 8 procedures for deploying company and mutual aid crews to work assignment 9 areas; (viii) identification of additional supplies and equipment needed 10 during an emergency; (ix) the means of obtaining additional supplies and 11 equipment; (x) procedures to practice the emergency response plan; (xi) 12 appropriate safety precautions regarding electrical hazards, including 13 plans to promptly secure downed wires within thirty-six hours of notifi- 14 cation of the location of such downed wires from a municipal emergency 15 official; and (xii) such other additional information as the commission 16 may require. Each such corporation shall, on an annual basis, undertake 17 drills implementing procedures to practice its emergency management 18 plan. The commission may adopt additional requirements consistent with 19 ensuring the reasonably prompt restoration of service in the case of an 20 emergency event. 21 § 6. Section 66 of the public service law is amended by adding two new 22 subdivisions 29 and 30 to read as follows: 23 29. Promulgate rules and regulations to direct electric or gas corpo- 24 rations to develop and implement tools to continuously monitor opera- 25 tional control networks giving the electric or gas corporation the abil- 26 ity to undertake the immediate detection of unauthorized network 27 behavior related to such corporation's industrial control systems, as 28 defined in subdivision fifteen of section 1-103 of the energy law. On or 29 before December thirty-first, two thousand twenty-two and not later than 30 five years after such date, and every five years thereafter, the commis- 31 sion shall provide a report to the governor, the temporary president of 32 the senate, the speaker of the assembly, the chairperson of the assembly 33 standing committee on energy, and the chairperson of the senate standing 34 committee on energy and telecommunications reviewing electric or gas 35 corporation compliance with this section, including, as necessary, 36 recommendations to the legislature if the commission determines that 37 additional measures are required to ensure the effective protection of 38 electric or gas corporation critical infrastructure. 39 30. Promulgate rules and regulations to direct electric or gas corpo- 40 rations to require the installation of advanced metering infrastructure 41 that connects to the electric or gas distribution network operated by 42 such electric or gas corporation be permitted only so long as access to 43 the advanced meter infrastructure is granted via a wireless mesh inter- 44 operability standard that is shared by at least two advanced metering 45 infrastructure providers operating within the United States of America. 46 § 7. This act shall take effect on the one hundred eightieth day after 47 it shall have become a law. Effective immediately, the public service 48 commission is authorized and directed to take actions necessary to 49 promulgate rules and regulations related to the implementation of subdi- 50 visions 29 and 30 of section 66 of the public service law on or before 51 such effective date.