•  Summary 
  •  
  •  Actions 
  •  
  •  Committee Votes 
  •  
  •  Floor Votes 
  •  
  •  Memo 
  •  
  •  Text 
  •  
  •  LFIN 
  •  
  •  Chamber Video/Transcript 

A03904 Summary:

BILL NOA03904B
 
SAME ASSAME AS S05579-A
 
SPONSORCusick
 
COSPNSREnglebright, Zebrowski, Fahy, Magnarelli, Thiele, McDonald, Abinanti, Abbate, Hevesi, Jackson, Simon, Barron, Gottfried, Zinerman, Otis, Palmesano
 
MLTSPNSR
 
Amd §§3-101 & 1-103, Energy L; amd §709, Exec L; amd §66, Pub Serv L
 
Relates to critical energy infrastructure security and responsibility; relates to the protection of critical infrastructure in the state.
Go to top

A03904 Text:



 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                         3904--B
 
                               2021-2022 Regular Sessions
 
                   IN ASSEMBLY
 
                                    January 28, 2021
                                       ___________
 
        Introduced by M. of A. CUSICK, ENGLEBRIGHT, ZEBROWSKI, FAHY, MAGNARELLI,
          THIELE, McDONALD, ABINANTI, ABBATE, HEVESI, JACKSON, SIMON, GOTTFRIED,
          ZINERMAN,  OTIS,  PALMESANO -- read once and referred to the Committee
          on Energy -- reported and referred to the Committee on Ways and  Means
          --  committee  discharged,  bill amended, ordered reprinted as amended
          and recommitted to said committee -- recommitted to the  Committee  on
          Ways and Means in accordance with Assembly Rule 3, sec. 2 -- committee
          discharged, bill amended, ordered reprinted as amended and recommitted
          to said committee
 
        AN ACT to amend the energy law, the executive law and the public service
          law,  in  relation  to  critical  energy  infrastructure  security and
          responsibility
 
          The People of the State of New York, represented in Senate and  Assem-
        bly, do enact as follows:
 
     1    Section  1.  Subdivision  1  of  section  3-101  of the energy law, as
     2  amended by chapter 253 of the laws  of  2013,  is  amended  to  read  as
     3  follows:
     4    1.  to  obtain and maintain an adequate and continuous supply of safe,
     5  dependable and economical energy for the people of the state,  including
     6  through  the  protection of critical energy infrastructure as defined in
     7  subdivision fourteen of section 1-103 of this chapter, and to accelerate
     8  development and use within the state of renewable energy sources, all in
     9  order to promote the state's economic growth, to create employment with-
    10  in the state, to  protect  its  environmental  values  and  agricultural
    11  heritage,  to  husband  its  resources  for  future  generations, and to
    12  promote the health and welfare of its people;
    13    § 2. Section 1-103 of the energy law is  amended  by  adding  two  new
    14  subdivisions 14 and 15 to read as follows:
    15    14.  "Critical  energy infrastructure" means systems, including indus-
    16  trial control systems, customer  electrical  or  gas  consumption  data,
    17  assets,  places  or things, whether physical or virtual, so vital to the

         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD06856-05-2

        A. 3904--B                          2
 
     1  state  that  the  disruption,  incapacitation  or  destruction  of  such
     2  systems,  including  industrial  control systems, customer electrical or
     3  gas consumption data, assets, places  or  things  could  jeopardize  the
     4  health, safety, welfare, energy distribution, transmission, reliability,
     5  or security of the state, its residents or its economy.
     6    15. "Industrial control systems" means a combination of control compo-
     7  nents  that  support  operational functions in gas, distribution, trans-
     8  mission, and advanced metering infrastructure control centers,  and  act
     9  together to achieve an industrial objective, including controls that are
    10  fully automated or that include a human-machine interface.
    11    §  3.  Paragraph  (j) of subdivision 2 of section 709 of the executive
    12  law, as amended by section 14 of part B of chapter 56  of  the  laws  of
    13  2010, is amended to read as follows:
    14    (j)  work  with local, state and federal agencies and private entities
    15  to conduct assessments of the vulnerability of  critical  infrastructure
    16  to terrorist attack, cyber attack, and other natural and man-made disas-
    17  ters,  including,  but not limited to, nuclear facilities, power plants,
    18  telecommunications systems, mass transportation  systems,  public  road-
    19  ways,  railways,  bridges  and tunnels, and attendant industrial control
    20  systems as defined by subdivision fifteen of section 1-103 of the energy
    21  law and develop strategies that may be used to protect such  infrastruc-
    22  ture from terrorist attack, cyber attack, and other natural and man-made
    23  disasters;
    24    §  4.    Paragraph  (a)  of subdivision 19 of section 66 of the public
    25  service law, as amended by section 4 of part X of chapter 57 of the laws
    26  of 2013, is amended to read as follows:
    27    (a) The commission shall have power  to  provide  for  management  and
    28  operations  audits  of  gas corporations and electric corporations. Such
    29  audits shall be performed at least once every five years for combination
    30  gas and electric corporations, as well as for straight gas  corporations
    31  having  annual  gross revenues in excess of two hundred million dollars.
    32  The audit shall include, but not be limited to, an investigation of  the
    33  company's  construction program planning in relation to the needs of its
    34  customers for reliable service, an evaluation of the efficiency  of  the
    35  company's operations and protection of critical energy infrastructure as
    36  defined  in  subdivision  fourteen  of  section 1-103 of the energy law,
    37  recommendations with respect to same, and the timing with respect to the
    38  implementation  of  such  recommendations.  The  commission  shall  have
    39  discretion to have such audits performed by its staff, or by independent
    40  auditors.
    41    In  every  case  in  which  the  commission  chooses to have the audit
    42  provided for in this subdivision or pursuant to subdivision fourteen  of
    43  section sixty-five of this article performed by independent auditors, it
    44  shall  have authority to select the auditors, and to require the company
    45  being audited to enter into a contract with the auditors  providing  for
    46  their  payment  by the company. Such contract shall provide further that
    47  the auditors shall work for and under the direction  of  the  commission
    48  according  to  such  terms as the commission may determine are necessary
    49  and reasonable.
    50    § 5. Subdivision 19 of section 66 of the public service law is amended
    51  by adding a new paragraph (d) to read as follows:
    52    (d) The commission shall have the power to provide for an annual audit
    53  of gas corporations and electric corporations relating to  the  adequacy
    54  of   cyber-security  policies,  protocols,  procedures  and  protections
    55  including, but not limited to, as such policies,  protocols,  procedures
    56  and  protections  relate to critical energy infrastructure as defined in

        A. 3904--B                          3
 
     1  subdivision fourteen of section 1-103 of the  energy  law  and  also  to
     2  customer  privacy. The commission shall have the discretion to have such
     3  audits performed by its staff or by an independent third party.
     4    §  6.  Paragraph  (a)  of  subdivision  21 of section 66 of the public
     5  service law, as added by section 4 of part X of chapter 57 of  the  laws
     6  of 2013, is amended to read as follows:
     7    (a) Each electric corporation subject to section twenty-five-a of this
     8  chapter  shall  annually, on or before December fifteenth, submit to the
     9  commission an emergency response plan for review and approval. The emer-
    10  gency response plan shall be designed for the reasonably prompt restora-
    11  tion of service in the case of an emergency event, defined for  purposes
    12  of  this  subdivision as an event where widespread outages have occurred
    13  in the service territory of the company due to storms, cyber attack,  or
    14  other  causes  beyond the control of the company. The emergency response
    15  plan shall include, but need not be limited to, the following:  (i)  the
    16  identification  of  management  staff responsible for company operations
    17  during an emergency; (ii) a communications system with customers  during
    18  an  emergency  that  extends  beyond  normal business hours and business
    19  conditions; (iii) identification of and outreach plans to customers  who
    20  had  documented  their need for essential electricity for medical needs;
    21  (iv) identification of and outreach plans to  customers  who  had  docu-
    22  mented their need for essential electricity to provide critical telecom-
    23  munications,   critical   transportation,   critical  fuel  distribution
    24  services or other large-load customers identified by the commission; (v)
    25  designation of company staff to communicate  with  local  officials  and
    26  appropriate  regulatory  agencies;  (vi)  provisions  regarding  how the
    27  company will assure the safety of its employees and  contractors;  (vii)
    28  procedures for deploying company and mutual aid crews to work assignment
    29  areas; (viii) identification of additional supplies and equipment needed
    30  during an emergency; (ix) the means of obtaining additional supplies and
    31  equipment;  (x) procedures to practice the emergency response plan; (xi)
    32  appropriate safety precautions regarding electrical  hazards,  including
    33  plans to promptly secure downed wires within thirty-six hours of notifi-
    34  cation  of  the location of such downed wires from a municipal emergency
    35  official; and (xii) such other additional information as the  commission
    36  may  require. Each such corporation shall, on an annual basis, undertake
    37  drills implementing procedures  to  practice  its  emergency  management
    38  plan.  The  commission may adopt additional requirements consistent with
    39  ensuring the reasonably prompt restoration of service in the case of  an
    40  emergency event.
    41    § 7. Section 66 of the public service law is amended by adding two new
    42  subdivisions 30 and 31 to read as follows:
    43    30.  Promulgate rules and regulations to direct electric or gas corpo-
    44  rations to develop and implement tools to  monitor  operational  control
    45  networks giving the electric or gas corporation the ability to undertake
    46  the  detection  of  unauthorized network behavior related to such corpo-
    47  ration's industrial control systems, as defined in  subdivision  fifteen
    48  of  section 1-103 of the energy law. On or before December thirty-first,
    49  two thousand twenty-three and not later than five years after such date,
    50  and every five years thereafter, the commission shall provide  a  report
    51  to  the  governor, the temporary president of the senate, the speaker of
    52  the assembly, the chairperson of  the  assembly  standing  committee  on
    53  energy,  and  the chairperson of the senate standing committee on energy
    54  and telecommunications reviewing electric or gas corporation  compliance
    55  with  this  section,  including,  as  necessary,  recommendations to the
    56  legislature if the commission determines that  additional  measures  are

        A. 3904--B                          4
 
     1  required  to  ensure  the effective protection of electric or gas corpo-
     2  ration critical infrastructure.
     3    31.  Promulgate rules and regulations to direct electric or gas corpo-
     4  rations to require the installation of advanced metering  infrastructure
     5  that  connects  to  the electric or gas distribution network operated by
     6  such electric or gas corporation be permitted only so long as access  to
     7  the  advanced meter infrastructure enables two-way communication between
     8  utilities and meters through the optimal communications network  option,
     9  such as a wireless network, that is shared by at least two meter provid-
    10  ers  operating  within  the  United States of America, if the commission
    11  determines that it is cost effective to do so.
    12    § 8. This act shall take effect on the one hundred eightieth day after
    13  it shall have become a law. Effective immediately,  the  public  service
    14  commission  is  authorized  and  directed  to  take actions necessary to
    15  promulgate rules and regulations related to the implementation of subdi-
    16  visions 30 and 31 of section 66 of the public service law on  or  before
    17  such effective date.
Go to top