Bill Text: TX HB4892 | 2023-2024 | 88th Legislature | Introduced
Bill Title: Relating to physical security and cybersecurity practices for certain utilities that provide electricity service and an independent organization certified to manage a power region.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2023-03-23 - Referred to State Affairs [HB4892 Detail]
Download: Texas-2023-HB4892-Introduced.html
| 88R2648 JXC-D | ||
| By: Raymond | H.B. No. 4892 | |
|
|
||
|
|
||
| relating to physical security and cybersecurity practices for | ||
| certain utilities that provide electricity service and an | ||
| independent organization certified to manage a power region. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. The heading to Subchapter B, Chapter 31, | ||
| Utilities Code, is amended to read as follows: | ||
| SUBCHAPTER B. PHYSICAL SECURITY AND CYBERSECURITY | ||
| SECTION 2. The heading to Section 31.052, Utilities Code, | ||
| is amended to read as follows: | ||
| Sec. 31.052. PHYSICAL SECURITY AND CYBERSECURITY | ||
| COORDINATION PROGRAM FOR UTILITIES. | ||
| SECTION 3. Section 31.052(a), Utilities Code, is amended to | ||
| read as follows: | ||
| (a) The commission shall establish a program to monitor and | ||
| support physical security and cybersecurity efforts among | ||
| utilities in this state. The program shall: | ||
| (1) provide guidance, technical assistance, and | ||
| training on best practices in physical security and cybersecurity | ||
| and facilitate the sharing of cybersecurity information between | ||
| utilities; [ |
||
| (2) provide guidance, technical assistance, and | ||
| training on best practices for physical security and cybersecurity | ||
| controls for supply chain risk management of cybersecurity systems | ||
| used by utilities, which may include, as applicable, best practices | ||
| related to: | ||
| (A) software integrity and authenticity; | ||
| (B) vendor risk management and procurement | ||
| controls, including notification by vendors of incidents related to | ||
| the vendor's products and services; and | ||
| (C) vendor remote access; | ||
| (3) develop models, assessments, and auditing | ||
| procedures for a utility to self-assess physical security and | ||
| cybersecurity; and | ||
| (4) provide opportunities for utilities to share with | ||
| each other best practices for and information on physical security | ||
| and cybersecurity. | ||
| SECTION 4. Section 39.151(o), Utilities Code, is amended to | ||
| read as follows: | ||
| (o) An independent organization certified by the commission | ||
| under this section shall: | ||
| (1) conduct internal physical security and | ||
| cybersecurity risk assessment, vulnerability testing, and employee | ||
| training to the extent the independent organization is not | ||
| otherwise required to do so under applicable state and federal | ||
| physical security, cybersecurity, and information security laws; | ||
| and | ||
| (2) submit a report annually to the commission on the | ||
| independent organization's compliance with applicable physical | ||
| security, cybersecurity, and information security laws. | ||
| SECTION 5. This Act takes effect immediately if it receives | ||
| a vote of two-thirds of all the members elected to each house, as | ||
| provided by Section 39, Article III, Texas Constitution. If this | ||
| Act does not receive the vote necessary for immediate effect, this | ||
| Act takes effect September 1, 2023. | ||
