SB 1218

Bill Subjects

Abstract

Under existing law, the Public Utilities Commission has regulatory authority over public utilities, including electrical corporations and gas corporations, while local publicly owned electric utilities and local publicly owned gas utilities are under the direction of their governing boards. Existing law provides that the commission has no authority to establish rates or regulate the borrowing of money, the issuance of evidences of indebtedness, or the sale, lease, assignment, mortgage, or other disposal or encumbrance of the property of any electrical cooperative, but that electrical cooperatives are otherwise subject to the regulatory authority of the commission pursuant to the Public Utilities Act. Existing law requires the commission to adopt inspection, maintenance, repair, and replacement standards, and to consider adopting rules to address the physical security risks to the distribution systems of electrical corporations, and requires the standards or rules to provide for high-quality, safe, and reliable service. Existing law requires the commission to also adopt standards for operation, reliability, and safety during periods of emergency and disaster. Existing law requires the commission, in setting its standards and rules, to consider cost, local geography and weather, applicable cybersecurity standards, potential physical security risks, national electrical industry practices, sound engineering judgment, and experience. Existing law requires the commission to conduct a review to determine whether the standards or rules have been met by an electrical corporation or gas corporation, including performing the review after every major outage. If the commission finds that the standards or rules have not been met, the commission is authorized to order appropriate sanctions, including penalties in the form of rate reductions or monetary fines. This bill would require the commission to adopt inspection, detection, response, and replacement standards, and to adopt rules, to address the cybersecurity risks to the transmission and distribution systems of electrical corporations, electrical cooperatives, and gas corporations, and would require the standards or rules to provide for secure and reliable service. The bill would also require the commission to adopt standards for operation, reliability, and safety during periods of emergency and disaster. The bill would require the commission, in setting its standards or rules, to consider cost, applicable codes, potential cybersecurity risks, national security frameworks, sound engineering judgment, and experience. The bill would require the commission to conduct a review to determine whether the standards or rules have been met, including performing the review after every major service outage or data breach. The bill would require each electrical corporation, electrical cooperative, and gas corporation to report annually on its compliance with the standards or rules and provide that the report be made available to the public, but would authorize the commission, consistent with other provisions of law, to withhold from the public information generated or obtained that the commission determines would pose a security threat to the public if disclosed. This bill would require each local publicly owned electric utility and local publicly owned gas utility to construct, maintain, and operate its electrical and gas transmission and distribution systems in a manner that will minimize the cybersecurity risks to those lines and equipment. The bill would require each local publicly owned electric utility and local publicly owned gas utility to annually prepare a cybersecurity plan and to present its plan to its governing board for review. The bill would authorize a local publicly owned electric utility or local publicly owned gas utility to contract with a qualified independent evaluator with experience in assessing the cybersecurity risk of electrical and gas infrastructure to review and assess the comprehensiveness of its cybersecurity plan, and would require any independent evaluator so retained to issue a report and to present the findings of the report at a meeting of the governing board. The bill would authorize the governing board, consistent with other provisions of law, to withhold from the public information generated or obtained pursuant to the bill's requirements that the governing board determines would pose a security threat to the public if disclosed. Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest. This bill would make legislative findings to that effect. The California Constitution requires local agencies, for the purpose of ensuring public access to the meetings of public bodies and the writings of public officials and agencies, to comply with a statutory enactment that amends or enacts laws relating to public records or open meetings and contains findings demonstrating that the enactment furthers the constitutional requirements relating to this purpose. This bill would make legislative findings to that effect. Under existing law, a violation of the Public Utilities Act or any order, decision, rule, direction, demand, or requirement of the commission is a crime. Because this bill would require action by the commission to implement its requirements with respect to electrical corporations, electrical cooperatives, and gas corporations and a violation of the standards or rules adopted by the commission would be a crime, the bill would impose a state-mandated local program by expanding the definition of a crime. By placing additional duties on local publicly owned electric utilities and gas utilities, the bill would impose a state-mandated local program. The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement. This bill would provide that no reimbursement is required by this act for specified reasons.