Bill Text: TX HB4892 | 2023-2024 | 88th Legislature | Introduced


Bill Title: Relating to physical security and cybersecurity practices for certain utilities that provide electricity service and an independent organization certified to manage a power region.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Introduced - Dead) 2023-03-23 - Referred to State Affairs [HB4892 Detail]

Download: Texas-2023-HB4892-Introduced.html
  88R2648 JXC-D
 
  By: Raymond H.B. No. 4892
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to physical security and cybersecurity practices for
  certain utilities that provide electricity service and an
  independent organization certified to manage a power region.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  The heading to Subchapter B, Chapter 31,
  Utilities Code, is amended to read as follows:
  SUBCHAPTER B. PHYSICAL SECURITY AND CYBERSECURITY
         SECTION 2.  The heading to Section 31.052, Utilities Code,
  is amended to read as follows:
         Sec. 31.052.  PHYSICAL SECURITY AND CYBERSECURITY
  COORDINATION PROGRAM FOR UTILITIES.
         SECTION 3.  Section 31.052(a), Utilities Code, is amended to
  read as follows:
         (a)  The commission shall establish a program to monitor and
  support physical security and cybersecurity efforts among
  utilities in this state. The program shall:
               (1)  provide guidance, technical assistance, and
  training on best practices in physical security and cybersecurity
  and facilitate the sharing of cybersecurity information between
  utilities; [and]
               (2)  provide guidance, technical assistance, and
  training on best practices for physical security and cybersecurity
  controls for supply chain risk management of cybersecurity systems
  used by utilities, which may include, as applicable, best practices
  related to:
                     (A)  software integrity and authenticity;
                     (B)  vendor risk management and procurement
  controls, including notification by vendors of incidents related to
  the vendor's products and services; and
                     (C)  vendor remote access;
               (3)  develop models, assessments, and auditing
  procedures for a utility to self-assess physical security and
  cybersecurity; and
               (4)  provide opportunities for utilities to share with
  each other best practices for and information on physical security
  and cybersecurity.
         SECTION 4.  Section 39.151(o), Utilities Code, is amended to
  read as follows:
         (o)  An independent organization certified by the commission
  under this section shall:
               (1)  conduct internal physical security and
  cybersecurity risk assessment, vulnerability testing, and employee
  training to the extent the independent organization is not
  otherwise required to do so under applicable state and federal
  physical security, cybersecurity, and information security laws;
  and
               (2)  submit a report annually to the commission on the
  independent organization's compliance with applicable physical
  security, cybersecurity, and information security laws.
         SECTION 5.  This Act takes effect immediately if it receives
  a vote of two-thirds of all the members elected to each house, as
  provided by Section 39, Article III, Texas Constitution.  If this
  Act does not receive the vote necessary for immediate effect, this
  Act takes effect September 1, 2023.
feedback