 |
ARIZONA STATE SENATE
Fifty-Seventh Legislature, First Regular Session
AMENDED
grid security; cybersecurity; reviews; commission
Purpose
Requires the Arizona Corporation Commission (ACC) to conduct a grid security review at least every two years or as a part of the ACC's integrated resource planning process or biennial transmission assessment and make outlined assessments and evaluations when conducting the review.
Background
The ACC regulates investor-owned or privately-owned utilities that provide gas, water, electricity or telephone service (ACC). The ACC has the power to inspect and investigate the property, books, papers, business, methods and affairs of any corporation whose stock is offered for sale to the public and any public service corporation doing business within Arizona (Ariz. Const. art. 15 § 4). The ACC has the power and authority to enforce its rules, regulations and orders by the imposition of such fines as the ACC may deem just (Ariz. Const. art. 15 § 19).
The Arizona Constitution allows the Legislature to enlarge the powers and extend the duties of the ACC and to prescribe rules and regulations to govern proceedings by and before the ACC (Ariz. Const. art. 15 § 6).
There is no anticipated fiscal impact to the state General Fund associated with this legislation.
Provisions
1. Requires the ACC to conduct a grid security review at least every two years or as a part of the ACC's integrated resource planning process or biennial transmission assessment.
2. Requires each investor-owned public service corporation doing business in Arizona, in conducting the review, to:
a) research and evaluate the generation and grid management technologies that can protect against or withstand a physical attack and cyberattack;
b) evaluate the dangers associated with an electromagnetic pulse and the steps necessary to secure a continuous supply of electricity to the residents of Arizona in the event of an electromagnetic pulse;
c) evaluate new information technology systems and how protections are implemented; and
d) update and submit the public service corporation's cybersecurity and grid protection protocols to the ACC for review.
3. Requires the ACC in conducting the review to:
a) confirm that each investor-owned public service corporation doing business in Arizona has active cybersecurity and grid protection protocols in place;
b) confirm whether each cybersecurity and grid protection protocol submitted to the ACC is adequate, inadequate or needs modifications; and
c) make recommendations to rectify deficiencies and develop security plans that evaluate and consider the time and costs that are associated with implementing changes.
4. Requires the ACC to adopt an order specifying the frequency or process within which it will conduct a review.
5. Allows the ACC to modify or amend the order from time to time as the ACC deems reasonable and in the public interest.
6. Stipulates that the review, plans, protocols, dangers or deficiencies and all other information or content received, reviewed, created or provided are not open to public inspection.
7. Contains a statement of legislative findings and intent.
8. Makes technical changes.
9. Becomes effective on the general effective date.
Amendments Adopted by Committee
1. Requires the ACC to conduct an annual grid security review, rather than an annual grid security review of a plant.
2. Removes the requirement that the ACC assess emerging technologies.
3. Requires the ACC when conducting the grid security review to evaluate the dangers associated with an electromagnetic pulse and the steps necessary to secure a continuous supply of electricity to the residents of Arizona.
4. Requires the ACC when conducting the grid security review to encourage, rather than require, investor-owned utilities to rectify deficiencies that were identified in the grid security review and develop security plans that evaluate and consider the time and costs that are associated with implementing changes.
5. Removes the requirement that the outlined security plans include potential funding sources from private capital investment for energy development.
6. Modifies the statement of legislative findings and intent.
7. Makes technical changes.
Amendments Adopted by the House of Representatives
1. Requires the ACC to conduct a grid security review at least every two years or as a part of the ACC's integrated resource planning process or biennial transmission assessment, rather than annually.
2. Modifies the grid security review by requiring each investor-owned public service corporation doing business in Arizona, rather than the ACC, in conducting the review to:
a) research and evaluate the generation and grid management technologies that can protect against or withstand a physical attack and a cyberattack;
b) evaluate the steps necessary to secure a continuous supply of electricity to the residents of Arizona in the event of an electromagnetic pulse; and
c) update and submit the public service corporation's cybersecurity and grid protection protocols to the ACC for review.
3. Removes from the grid security review that the ACC research and evaluate the generation and grid management technologies that will accommodate a two-way flow of electricity.
4. Requires the ACC in conducting the review to:
a) confirm that each investor-owned public service corporation doing business in Arizona has active cybersecurity and grid protection protocols in place;
b) confirm whether each cybersecurity and grid protection protocol submitted to the ACC is adequate, inadequate or needs modifications; and
c) make recommendations to rectify deficiencies, rather than encourage investor-owned utilities to rectify deficiencies that were identified in the grid security review.
5. Removes the exemption for electric cooperatives and public power entities from the outlined requirement for investor-owned utilities to rectify identified deficiencies identified in the grid security review.
6. Stipulates that the review, plans, protocols, dangers or deficiencies and all other information or content received, reviewed, created or provided are not open to public inspection.
7. Requires the ACC to adopt an order specifying the frequency or process within which it will conduct a review.
8. Allows the ACC to modify or amend the order from time to time as the ACC deems reasonable and in the public interest.
9. Modifies the statement of legislative findings and intent.
10. Makes conforming changes.
Senate Action House Action
NR 2/11/25 DPA 5-2-1 NREW 3/11/25 DP 5-4-0-1
3rd Read 2/26/25 17-11-2 3rd Read 3/31/25 31-25-4
Prepared by Senate Research
April 7, 2025
SB/slp