A10129 Summary:

BILL NOA10129
 
SAME ASSAME AS S07601
 
SPONSORDinowitz
 
COSPNSRBlake, Fahy, Cook, Mosley, Solages, Otis, Robinson, Jaffee, Gottfried
 
MLTSPNSRGlick, Hooper, Simon
 
Add 711-b, Exec L; amd 1125, Pub Health L; amd 15-0507, En Con L
 
Provides for enhanced protection of water supplies from and emergency planning for terrorism and cyber terrorism attacks.
Go to top    

A10129 Actions:

BILL NOA10129
 
05/12/2016referred to governmental operations
05/23/2016reported referred to codes
06/06/2016reported referred to ways and means
06/16/2016reported referred to rules
06/16/2016reported
06/16/2016rules report cal.503
06/16/2016substituted by s7601
 S07601 AMEND= KLEIN
 05/11/2016REFERRED TO VETERANS, HOMELAND SECURITY AND MILITARY AFFAIRS
 05/23/2016REPORTED AND COMMITTED TO FINANCE
 06/02/20161ST REPORT CAL.1400
 06/06/20162ND REPORT CAL.
 06/07/2016ADVANCED TO THIRD READING
 06/09/2016PASSED SENATE
 06/09/2016DELIVERED TO ASSEMBLY
 06/09/2016referred to ways and means
 06/16/2016substituted for a10129
 06/16/2016ordered to third reading rules cal.503
 06/16/2016passed assembly
 06/16/2016returned to senate
Go to top

A10129 Memo:

NEW YORK STATE ASSEMBLY
MEMORANDUM IN SUPPORT OF LEGISLATION
submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A10129
 
SPONSOR: Dinowitz
  TITLE OF BILL: An act to amend the executive law, the public health law and the envi- ronmental conservation law, in relation to the protection of water supplies   PURPOSE OR GENERAL IDEA OF BILL: To enhance public safety by requiring drink water suppliers to submit a vulnerability assessment analysis relating to cyber terrorism   SUMMARY OF SPECIFIC PROVISIONS: Section 1 of the bill adds a new section 711-b to the Executive Law to require the Commissioner of Homeland Security & Emergency Management to review each vulnerability analysis assessment from a water supplier sent to the Division. The Commissioner can also issue recommendations or general guidance to water suppliers based on the Division's review of the assessments. Section 2 of the bill amends section 1125 of the public health law related to water supply emergency plans, to require the Department of Health to maintain a list of all water suppliers required to file emer- gency plans pursuant to existing law. Section 3 of the bill amends section 1125 of the public health law to include an analysis of cyber attack within the water supplier's vulner- ability analysis assessment submitted to the Department of Health. Section 4 of the bill amends section 1125 of the public health law to require water suppliers to revise their emergency plan by January 1, 2017 to include an analysis of risk of cyber attack. The Commissioner of Health must transmit a copy of each vulnerability analysis assessment to the Superintendent of State Police. Section 5 of the bill amends section 1125 of the public health law to allow the Commissioner of Health or a county health department to provide guidance and support to community water systems on conducting vulnerability analysis assessments. Community water systems that are not already required to submit vulnerability analysis assessments would be given the option of submitting such an assessment Section 6 of the bill amends section 15-0507 of the environmental conservation law to authorize the Commissioner of Environmental Conser- vation to promulgate regulations related to response and prevention of terrorism and cyber terrorism by dam owners.   JUSTIFICATION: In March of 2016, federal prosecutors unsealed an indictment against seven Iranian hackers who attempted to gain access to the Bowman Avenue Dam in Rye, New York in 2013, as well as banks, the Nasdaq, and New York Stock Exchange. One of the hackers attempted to gain access to the dam's supervisory control and data acquisition system related to water levels, water temperature, and water flow. With operators of dams and drinking water systems computerizing much of their system functions, the state of New York must remain vigilant in obtaining and sharing information related to cyber threats and terrorist attacks against critical infras- tructure. In 2002, legislation was passed requiring drinking water suppliers to submit every five years an analysis of vulnerability to a terrorist attack. This bill would update that chapter to require the analysis to also include vulnerability to a cyber attack. Further, the bill enhances information sharing within state government related to possible terror- ist or cyber terror attack by requiring this vulnerability assessment to be shared with state police and the department of homeland security and emergency management.   PRIOR LEGISLATIVE HISTORY: New bill.   FISCAL IMPLICATIONS: none to the state   EFFECTIVE DATE: Immediately
Go to top

A10129 Text:



 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                          10129
 
                   IN ASSEMBLY
 
                                      May 12, 2016
                                       ___________
 
        Introduced by M. of A. DINOWITZ -- read once and referred to the Commit-
          tee on Governmental Operations
 
        AN  ACT  to amend the executive law, the public health law and the envi-
          ronmental conservation law, in relation to  the  protection  of  water
          supplies
 
          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:

     1    Section 1.  The executive law is amended by adding a new section 711-b
     2  to read as follows:
     3    § 711-b. Review of water supplier vulnerability analysis  assessments.
     4  The  commissioner  shall  review  each vulnerability analysis assessment
     5  from a water supplier transmitted to the division from the department of
     6  health pursuant to section eleven  hundred  twenty-five  of  the  public
     7  health  law. The commissioner may issue recommendations or general guid-
     8  ance  to  the  water  supplier  based  on  the  assessment  to   enhance
     9  protections against a terrorist attack or cyber attack. Such recommenda-
    10  tions  and  guidance shall be kept confidential and shall be exempt from
    11  disclosure under article six of the public officers law.
    12    § 2. Paragraph (a) of subdivision 1 of  section  1125  of  the  public
    13  health law, as amended by chapter 405 of the laws of 2002, is amended to
    14  read as follows:
    15    (a)  "Water  supply  emergency  plan"  shall  mean a plan reviewed and
    16  approved by the commissioner and filed with  the  department.  The  plan
    17  shall follow a form which shall be specified by the department and which
    18  shall  include,  but  not  be limited to, those items enumerated in this
    19  section, and shall address those actions to be taken by a water supplier
    20  to anticipate emergencies and respond  responsibly  to  emergency  situ-
    21  ations.    The  department  shall maintain a list of all water suppliers
    22  required to file a water supply emergency plan pursuant to this section.
    23    § 3. Paragraph (k) of subdivision 2 of  section  1125  of  the  public
    24  health law, as amended by chapter 405 of the laws of 2002, is amended to
    25  read as follows:
    26    (k)  a  vulnerability  analysis  assessment,  including an analysis of
    27  vulnerability to terrorist attack, including cyber attack,  which  shall
 
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD14903-02-6

        A. 10129                            2
 
     1  be  made  after  consultation with local and state law enforcement agen-
     2  cies.
     3    §  4.  Subdivisions  5 and 8 of section 1125 of the public health law,
     4  subdivision 5 as amended and subdivision 8 as added by  chapter  317  of
     5  the laws of 2007, are amended to read as follows:
     6    5.  Every  water  supplier  shall review, and if necessary, revise its
     7  water supply emergency plan and report its findings to the  commissioner
     8  by  December  thirty-first,  nineteen  hundred  ninety-five.  Any  water
     9  supplier whose water supply emergency plan does not include an  analysis
    10  of  vulnerability  to  terrorist  attack,  including cyber attack, shall
    11  revise its emergency plan and report its findings to the commissioner by
    12  January first, two thousand  [three]  seventeen.  Every  water  supplier
    13  shall  keep  its  water  supply emergency plan up to date, shall provide
    14  updated communication and notification information to  the  commissioner
    15  by  December  thirty-first  of  every  year,  and shall submit its water
    16  supply emergency plan to the commissioner for review at least once every
    17  five years and within thirty days after major water facility infrastruc-
    18  ture changes have been made. The commissioner shall transmit a  copy  of
    19  each  vulnerability  analysis  assessment  from  a water supplier to the
    20  superintendent of state police, commissioner of the division of homeland
    21  security and emergency services, and chief technology officer.
    22    8. The commissioner, superintendent of state police,  commissioner  of
    23  the  division  of  homeland  security  and emergency services, and chief
    24  technology officer shall keep confidential: (a) all vulnerability analy-
    25  sis assessments and all  information  derived  therefrom;  and  (b)  all
    26  information  determined  by  a water supplier to pose a security risk to
    27  the operation of a water supply system. Such assessments and information
    28  shall be exempt from disclosure under article six of the public officers
    29  law. A person who, without authorization, discloses any such  assessment
    30  or  information to another person who has not been authorized to receive
    31  such assessment or information is guilty of a class A misdemeanor.
    32    § 5. Subdivisions 6, 7 and 8 of section 1125 of the public health  law
    33  are  renumbered subdivisions 7, 8 and 9 and a new subdivision 6 is added
    34  to read as follows:
    35    6. (a) The commissioner or a  county  health  department  may  provide
    36  guidance and assistance to community water systems on conducting vulner-
    37  ability assessments, preparing water supply emergency plans and address-
    38  ing threats from terrorist attacks, including cyber attacks, designed to
    39  disrupt the provision of safe drinking water or significantly affect the
    40  public  health, or significantly affect the safety or supply of drinking
    41  water provided to communities or individuals.
    42    (b) A community water system, that is not a water supplier, may  elect
    43  to  complete  a water supply emergency plan. Such community water system
    44  may elect to submit the plan to the commissioner for approval. In such a
    45  case, the commissioner shall subject the plan to such  approval  process
    46  as described in paragraph (a) of subdivision one of this section.
    47    §  6.  Subdivision 1 of section 15-0507 of the environmental conserva-
    48  tion law, as amended by chapter 364 of the laws of 1999, is  amended  to
    49  read as follows:
    50    1.  Any  owner of a dam or other structure which impounds waters shall
    51  at all times operate and maintain said  structure  and  all  appurtenant
    52  structures  in  a  safe  condition.  As used in this section and section
    53  71-1109 of this chapter, "owner" means any person or local public corpo-
    54  ration who owns, erects, reconstructs, repairs, maintains or uses a  dam
    55  or  other  structure which impounds waters. The commissioner may promul-
    56  gate regulations requiring any owner to prepare and implement  a  safety

        A. 10129                            3
 
     1  program  for such dam or structure as necessary to safeguard life, prop-
     2  erty or natural resources. Regulations governing the safety program  may
     3  include requirements for inspections, monitoring, maintenance and opera-
     4  tion,  emergency  action  planning, response and prevention of terrorism
     5  and cyber terrorism, financial security, recordkeeping and reporting  or
     6  any  other  requirement  the  commissioner  deems necessary to safeguard
     7  life, property or natural resources. Such requirement shall  only  apply
     8  to those dams or other structures that impound waters which pose, in the
     9  event  of  failure,  a  threat  of personal injury, substantial property
    10  damage or substantial natural resource damage.
    11    § 7. This act shall take effect immediately.
Go to top