Memorandum in Support - A.7682 (Cusick) / S.6195 (Parker)
A.7682 (Cusick) / S.6195 (Parker) - AN ACT to amend the energy law, the public officers law, the executive law, and the public service law, in relation to critical utility infrastructure security and responsibility
The Independent Power Producers of New York, Inc. (IPPNY) is a trade association representing companies involved in the development of electric generating facilities, the generation, sale, and marketing of electric power, and the development of natural gas facilities in the State of New York. IPPNY Member companies produce the majority of New York's electricity, utilizing almost every generation technology available today such as wind, solar, natural gas, oil, hydro, coal, biomass, and nuclear.
IPPNY supports A.7682 (Cusick) / S.6195 (Parker). The bills would establish: (a) minimum cybersecurity and safety standards; and (b) minimum cybersecurity insurance requirements, which would be applicable to third parties seeking to connect to any electric or gas corporation's systems to receive consumption or other data. The legislation would require the New York State Public Service Commission to promulgate rules and regulations by January 1, 2021 to ensure the implementation and enforcement of the bills’ provisions.
This legislation builds upon New York State’s existing efforts to protect critical energy infrastructure. Existing programs involve the sharing of information and best practices with owners and operators of New York's energy infrastructure, as well as the monitoring of threats and risk scenarios.
The bills are consistent with the recent efforts of the North American Electric Reliability Corporation to place additional cybersecurity requirements on balancing authorities, generator operators, reliability coordinators, transmission operators and transmission owners that own or operate a control center, in order to develop and implement a plan to address the risks posed by unauthorized disclosure (confidentiality) and unauthorized modification (integrity) of monitoring data being transmitted between control centers. The plan would identify needed security protections and the roles and responsibilities of implementing entities.
For the reasons stated above, IPPNY supports A.7682 (Cusick) / S.6195 (Parker).