BILL ANALYSIS Ó AB 853 Page 1 6/22/2015: Changes per consultant ASSEMBLY THIRD READING AB 853 (Roger Hernández) As Amended April 30, 2015 Majority vote ----------------------------------------------------------------- |Committee |Votes |Ayes |Noes | | | | | | | | | | | |----------------+------+--------------------+--------------------| |Utilities |10-4 |Rendon, Bonilla, |Patterson, | | | |Burke, Eggman, |Achadjian, Hadley, | | | |Cristina Garcia, |Obernolte | | | |Roger Hernández, | | | | |Quirk, Santiago, | | | | |Ting, Williams | | | | | | | |----------------+------+--------------------+--------------------| |Appropriations |12-5 |Gomez, Bonta, |Bigelow, Chang, | | | |Calderon, Daly, |Gallagher, Jones, | | | |Eggman, |Wagner | | | | | | | | | | | | | |Eduardo Garcia, | | | | |Gordon, Holden, | | | | |Quirk, Rendon, | | | | |Weber, Wood | | | | | | | AB 853 Page 2 | | | | | ----------------------------------------------------------------- SUMMARY: Requires an electrical or gas corporation to utilize direct employees for any work associated with its infrastructure and computer systems, as specified. Specifically, this bill: 1)Requires an electrical or gas corporation, to the extent feasible, utilize direct employees for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information technology systems. 2)Defines "direct employees" for construction or maintenance work to include the employees of a contractor or subcontractor licensed in California and working under the direct supervision of the electrical or gas corporation. 3)Requires an electrical or gas corporation, before utilizing non-direct employees, to file a Tier 3 advice letter with the California Public Utilities Commission (CPUC) that demonstrates that the work can be performed safely and securely, and without jeopardizing the security of its nuclear, electrical, and gas infrastructure. 4)Requires the CPUC to open a proceeding, or expand the scope of an existing proceeding, to evaluate the advice letter and hold at least one duly noticed public hearing for the proceeding. 5)Requires the CPUC to issue a written decision determining whether the electrical or gas corporation may utilize persons that are not direct employees for the described work. AB 853 Page 3 FISCAL EFFECT: According to the Assembly Appropriations Committee, increased costs in the $200,000 range (special fund) for the CPUC to review advice letters and conduct proceedings. COMMENTS: 1)Author's Statement: "Protecting the security of nuclear, electric and natural gas utility systems (as well as the privacy of ratepayer personal information) is a paramount state interest. However, recent intrusions into major corporate computer systems such as Sony and Anthem Blue Cross and theft of information from those systems have demonstrated the vulnerability of those systems ? Electrical corporations and gas corporations should make every reasonable effort to protect their computer systems from unauthorized intrusions. Unfortunately, recent events have raised concerns about the safety and security of such systems ? AB 853 will prohibit an electric or gas corporation from outsourcing critical nuclear, electrical and gas infrastructure work, including computer and information technology systems, without first obtaining approval from the Public Utilities Commission." 2)Background: Recently, Southern California Edison (SCE) announced plans to lay off hundreds of employees and hire foreign workers. SCE announced that it was laying off about 400 information technology employees, with an additional 100 leaving voluntarily. SCE said that it was outsourcing some tech-related work to two Indian companies, Infosys in Bangalore and Tata Consultancy Services in Mumbai, after looking at multiple firms. In addition, some of the foreign workers hired by SCE are in the United States because of the H-1B visa. In March 2015, the United States Senate Judiciary Committee held a hearing on AB 853 Page 4 problems with the H-1B and other visa programs. The hearing noted that the visas are used to bring high-skilled workers into the United States so that companies can continue to attract world-class talent and continue to lead on the global stage. However, the hearing highlighted troubling stories of abuses that have caused the displacement of American workers, and noted that these visa programs are to be used to complement the United States workforce, not displace it. 3)Security of Utility Infrastructure: In light of the recent intrusions into major corporate computer systems, the bill notes that the part of any computer system that is most vulnerable to being compromised is the personnel who operate the system. This bill would require an electrical or gas corporation to use direct employees for any work associated with the design, engineering, and operation of its nuclear, electrical, and gas infrastructure, including all computer and information systems, to the extent feasible. Furthermore, this bill would prohibit an electrical or gas corporation from using a non-direct employee, unless it files a Tier 3 advice letter with the CPUC that demonstrates that the work can be performed safely and securely, and without jeopardizing the security of the utilities infrastructure. The CPUC then must open or expand the scope of a proceeding to evaluate the advice letter over at least one public hearing and issue a written decision determining whether the electrical or gas corporation may utilize the non-direct employee for the described work. Analysis Prepared by: Edmond Cheung / U. & C. / (916) 319-2083 FN: 0000607 AB 853 Page 5