Dive Brief:
- Texas lawmakers last week passed two legislative measures to strengthen the state's defense against cyber and physical attacks of its electric grid.
- Senate Bill 475 would establish the Texas Electric Grid Security Council to coordinate the sharing and implementation of best security practices within the industry.
- Senate Bill 936 would create a framework for collaboration among state regulators, utilities and the reliability coordinator to secure critical grid infrastructure against cyberattacks through a cybersecurity monitor program.
Dive Insight:
The threat of cyberattacks disrupting the U.S. power grid turned from hypothetical to reality when it was reported that an anonymous Western utility lost visibility of certain system parts due to a "cyber event" in early March. While not officially confirmed, the report highlighted the vulnerability of America's energy infrastructure.
Texas lawmakers addressed the issue last week by passing a pair of bills to increase oversight, collaboration and implementation of cybersecurity practices across the state. The two bills, SB 475 and SB 936, were authored by state Sen. Kelly Hancock, R, who was not available for comment.
Tom Glass, head of Protect the Texas Grid and candidate for the Texas senate in last November's election, called SB 475 the state's first grid protection bill.
Under the bill, the Texas Electric Grid Security Council — composed of a governor's appointee, a member of the Public Utilities Commission and the chief executive officer of Electric Reliability Council of Texas — will be tasked with developing grid security standards, preparing for grid-related security threats and amending the state emergency plan to ensure coordinated response and recovery efforts.
"The purpose of the bill is to promote more collaboration among utilities, generators and regulators, including the federal agencies and classified information to ensure the best and latest security practices are shared with members of the grid security council, and that the participants in the electric grid of all sizes and structures are able to defend against all attacks," Hancock said during a March Senate hearing.
Furthermore, the bill authorizes the council to prepare a report on the state's grid security response efforts and deliver it to the governor, lieutenant governor and legislature by Dec. 1.
Hancock's second bill, SB 936, aims to bring the various energy stakeholders in the state together to develop strategies of how to best secure the energy grid against cyberattacks through a cybersecurity monitor. According to the bill's language, the state PUC will contract with an entity to act as the cybersecurity monitor for specific purposes, including:
- managing a comprehensive cybersecurity outreach program;
- meeting regularly with monitored utilities to discuss emerging threats, best business practices, and training opportunities;
- reviewing self-assessments voluntarily disclosed by monitored utilities of cybersecurity efforts;
- researching and developing best business practices regarding cybersecurity; and
- reporting to the commission on monitored utility cybersecurity preparedness.
The bill also requires the PUC to allow electric utilities to "recover reasonable and necessary costs incurred in connection with activities under the cybersecurity monitor program."
The bills now sit on Republican Gov. Greg Abbott's desk and awaits his signature.