With so many challenges filed in so many venues to EPA’s Waters of the United States or WOTUS rule, it seemed inevitable that some plaintiffs somewhere would find a sympathetic court. And so it is that thirteen states found U. S. District Judge Ralph R. Erickson to preliminarily enjoin the “exceptionally expansive view” of the government’s reach under the Clean Water Act.
On August 14, 2015 California Public Utilities Commission (CPUC) Administrative Law Judge (ALJ) Rafael Lirag extended the deadline for public comment in the CPUC Confidentiality/Public Records Act rulemaking proceeding. This proceeding will have a major impact on record submitters (utilities), public advocates, and news agencies alike by dictating how, and which, documents will remain confidential when submitted in CPUC proceedings. Read More
On August 11, 2015, a district court in Silicon Valley remanded a U.S. Fish and Wildlife Service (FWS) rule issued in 2013 that had extended the potential term of incidental take permits under the Bald and Golden Eagle Protection Act (Eagle Protection Act) from 5 years to 30 years. Bird protection groups challenged FWS issuance of the rule extending the potential permit length without first conducting an environmental assessment, which the court held was fatal to the action’s validity. The extension had been promulgated by FWS to assist wind power companies in obtaining financing of facilities that typically were expected to operate for 20-30 years.
The Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) July 16, 2015, proposing to approve various Critical Infrastructure Protection (CIP) reliability standards proposed by the North American Electric Reliability Corporation (NERC) and further proposed to direct NERC to develop a new CIP reliability standard to protect the bulk electric system (BES) supply chain. Comments on the NOPR are due Sept. 21, 2015.
The NOPR reflects FERC’s heightened attention to the cyber security of the BES by demanding the expansion of the scope of CIP standards and wielding its authority under section 215 of the Federal Power Act (FPA) to order NERC to develop a new standard, while laying out the purpose and parameters of such standard. If adopted, the NOPR will undoubtedly require responsible entities to devote resources to additional CIP compliance and elicit further debate regarding the cost-benefit analysis of NERC reliability standards. Lending potential credence to the ‘benefit’ side of the equation, Lloyd’s and the University of Cambridge Centre for Risk Studies recently published an Emerging Risk Report, titled Business Blackout: The Insurance Implications of a Cyber-attack on the US Power Grid. The report posits that a large-scale cyber attack on the U.S. power grid could cost the US economy trillions of dollars. A summary of the NOPR and Report follows.
FERC’s CIP NOPR
The CIP NOPR follows NERC’s submission of seven CIP standards on Feb. 13, 2015 in compliance with Order No. 791, which addressed “Version 5” of the CIP standards. FERC concluded that NERC satisfactorily complied with most mandates of Order No. 791. Specifically, NERC removed language stating a responsible entity must “identify, address, and correct” compliance deficiencies from seventeen CIP requirements that FERC found did not meet the “clear and unambiguous” objective of reliability standards. NERC explained that the original intent of the language would nonetheless be satisfied via procedural revisions to its Compliance Monitoring and Enforcement Program.
NERC also addressed FERC’s concern that there were no objective criteria for evaluating compliance for “Low Impact” cyber systems. As amended, NERC’s proposed new “High, Medium or Low Impact” tiered approach to classifying cyber systems now assigns enumerated controls for Low Impact cyber systems, including the requirement to develop management-sanctioned cyber security policies for Low Impact cyber systems. This will be significant to entities that previously did not have any cyber assets covered by the reliability standards. Not only must these entities now assess and classify all cyber systems, but must further designate resources to develop policies meeting certain minimum requirements to protect such assets.
FERC advocated for further protection of Low Impact cyber systems in the NOPR with respect to NERC’s proposed controls for transient devices, including thumb drives and portable laptop computers. NERC developed controls for transient devices in response to Order No. 791 (along with a new Glossary Term defining such devices), but explained resources would be best allocated by only applying the requirements to Medium and High Impact cyber systems. FERC directed NERC to either provide adequate justification for the exclusion of Low Impact cyber assets or risk being sent back to develop requirements that appropriately accommodated such assets.
FERC also directed NERC to revisit changes it made affecting communication networks. FERC perceives a reliability gap in NERC’s proposal to create controls for “nonprogrammable components of communication networks within the same Electronic Security Perimeter.” The exclusion of programmable and nonprogrammable communication network components that exist outside an Electronic Security Perimeter leaves “real-time data passing between Control Centers outside of a facility” unprotected. FERC thus directed NERC to revise the requirements of CIP-006-6 to protect inter-Control Center communications. FERC also specifically requested comment on whether it should consider additional protections for remote access to cyber systems.
The NOPR steps outside the bounds of NERC’s compliance filing to propose the creation of a new Reliability Standard to address supply chain protection. Citing to guidance provided by the Department of Energy, the Department of Homeland Security, and the National Institute of Standards and Technology, FERC explained that “the global supply chain also enables opportunities for adversaries to directly or indirectly affect the management or operations of companies that may result in risks to the end user.” The new Reliability Standard would only apply to entities under the jurisdiction of FPA § 215, yet would need to consider the entire supply chain. At a minimum, FERC stated the standard “should accommodate … an entity’s: (1) procurement process; (2) vendor relations; (3) system requirements; (4) information technology implementation; and (5) privileged commercial or financial information.” FERC acknowledged that this would be a “significant undertaking” and requested comments on the proposal to facilitate stakeholder input at the standard’s inception.
Lloyd’s Emerging Risks Report
Lloyd’s and the University of Cambridge Centre for Risk Studies recently published Business Blackout: The Insurance Implications of a Cyber-attack on the US Power Grid, an assessment of the insurance implications of a large-scale cyber attack on the U.S. power grid. The assessment relied upon a fictional scenario developed by subject matter experts drawing from historical examples and plausible technological exploits. The report depicts actions of sophisticated attackers who engage in methodical planning and reconnaissance, and deploy a variety of tactics to penetrate the security of the electrical grid. These tactics include social engineering, hacking of remotely accessed controlled systems, physical intrusions, and the deployment of malware. The malware ultimately infects multiple electricity generation control rooms, allowing attackers to control them remotely, forcing them to overload and burn out, causing fires, explosions and sustained outages. The Lloyd’s report estimates such an attack could deprive millions of individuals and businesses of power for sustained periods, and cost the U.S. economy between $243 billion to $1 trillion in the most extreme version of the scenario.The scenario addresses three attributes of cyber risk that distinguish it from other types of risk. The first is the systemic exposure caused by connected digital networks and shared technologies. The second is the “intangible” nature of a cyber attack – it is usually surreptitiously deployed and often not detected for months or even years after the event. The third is the dynamic and evolving nature of technology driven by human creative intelligence. Although the fictional scenario depicted in the Lloyd’s report is improbable, it is technologically possible. Business Blackout demonstrates that if such an attack occurred, the effects would be wide ranging, impacting not just power generation, transmission and distribution companies, but literally every aspect of our critical infrastructure and economy. The report estimates that the insurance industry would face cyber attack-related claims ranging between $21.4 billion up to $71.1 billion in the most extreme version of the scenario. It nonetheless asserts that insurance can be a valuable tool for managing and responding to cyber risk.
This advisory is a publication of Davis Wright Tremaine LLP. Our purpose in publishing this advisory is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations.
The fact that California is suffering its fourth year of drought conditions is not a new story — how the State should address this water shortage is the subject of much debate.
The California State Water Resources Control Board (State Water Board) has recently been flexing its muscles, determined to show water users and water diverters that it has significant enforcement power under existing Water Code provisions. After a Superior Court halted implementation of State Water Board Curtailment Notices issued in May through June, the State Water Board came out swinging in July with new sets of tried-and-true tools – Cease and Desist Orders and a Civil Complaint. Both weapons in the arsenal include proposed penalties.
Earlier in the month, a Sacramento County Superior Court had directed the State Water Board to stop enforcing thousands of Curtailment Notices issued by the State Water Board, on the grounds that the Curtailment Notices did not afford water users adequate due process. The Court went on to affirm the State Water Board’s enforcement powers, but warned that it could not use the prior curtailment notices as a basis for such enforcement actions.
On July 15, 2015, the State Water Board “clarified” the prior Curtailment Notices (referring to them as “advisory” in nature) and reissued Water Unavailability Notification Letters entitled “Partial Rescission of April, May and June 2015 Curtailment Notices and Clarification of State Water Board Position Re: Notices of Unavailability of Water for Those Diverting Water in the Sacramento River Watershed, San Joaquin River Watershed and Delta, and Scott River” (the “July 15 Clarification”). While rescinding the curtailment portions of the prior notices, the State Water Board, on the substantive issue of water availability, reinforces the notification that there is insufficient water in these particular rivers and watersheds to serve the needs of all potential water users. It also states that “Diversion when there is no available water ….. is an unauthorized diversion and use and is subject to enforcement by the State Water Board.”
And the State Water Board began enforcement proceedings:
- On July 16 and 17, the State Water Board issued two Draft Cease and Desist Orders following the issuance of water unavailability notifications. The recipients of the Cease and Desist Orders (the West Side Irrigation District of Tracy and a private landowner in Trinity County face penalties of up to $10,000 a day.
- On July 20, the State Water Board issued a Draft Administrative Civil Liability Complaint alleging that a local irrigation district willfully disregarded the State Water Board’s advisory when it diverted water from a river for its own customers’ use. The potential cost? The State Water Board contends it could seek a penalty of more than $5 million, but instead proposes a $1.5 million fine be imposed on Byron-Bethany Irrigation District for its alleged improper water diversion.
A challenge will likely center on the role the earlier Curtailment Notices play in the current enforcement action. Byron-Bethany received a June 12, 2015 Curtailment Notice which the Superior Court found did not afford the recipients adequate due process. Byron-Bethany received the July 15 Clarification. The complaint is clear that the alleged improper diversion of water occurred between June 13 and June 25, 2015.
A draft complaint puts the Byron-Bethany matter in an administrative, quasi-judicial arena with heightened exposure. The Water Code classifies unauthorized diversion of water as a trespass, and assesses $1,000 for each day of trespass plus $2,500 for each acre-foot of water diverted or used in excess of the diverter’s water rights.
The subjects of the Cease and Desist Orders and the draft Complaint have 20 days to request a hearing before the State Water Board. By early August we will know if these proceedings will take place. In the meantime, we expect the State Water Board to continue exercising its enforcement muscle through Cease and Desist Orders and Civil Administrative Complaints.
Last week, several state agencies and the California Independent System Operator held a symposium on ways to reduce greenhouse gas (GHG) emissions from electricity generation while maintaining an affordable and reliable electricity system.
This multi-agency symposium is part of a series of public forums soliciting stakeholder input on 5 key climate change strategy pillars to meet by 2030 that Governor Jerry Brown identified in his inaugural address earlier this year. The pillars demonstrate the importance of emissions reductions in critical sectors of California’s economy and include:
- increasing from one-third to 50 percent the electricity derived from renewable sources;
- reducing today’s petroleum use in cars and trucks by up to 50 percent;
- doubling the efficiency savings achieved at existing buildings and making heating fuels cleaner;
- reducing the release of methane, black carbon, and other short lived climate pollutants; and
- managing farm and rangelands, forests, and wetlands so they can store carbon.
An impressive panel presided over this electricity-focused symposium comprised of the following officials:
- Gov. Jerry Brown’s Office
- Clifford Rechtschaffen, Sr. Advisor
- California Public Utilities Commission (“CPUC”)
- Michael Picker, President
- Carla J. Peterman, Commissioner
- California Energy Commission (“CEC”)
- Robert B. Weisenmiller, Chair
- California Air Resources Board (“ARB”)
- Richard Corey, Executive Officer
- California Independent System Operator (“CAISO”)
- Stephen Berberich, President and Chief Executive Officer
Since moving to 50 percent renewable energy will lead to increased challenges balancing electricity demand and generation at certain times due to the intermittent nature of renewables, participants discussed how additional tools will be needed to maintain reliability including by balancing supply and demand over broad geographic areas through multistate agreements like the western Energy Imbalance Market; increasing the diversity and flexibility of the generation fleet; expanding electric vehicle infrastructure and encouraging charging during times of high renewable production; deploying emerging storage technologies and programs that reward customers for shifting demand, and building a smarter distribution grid.
CAISO Director of Regional Integration, Phil Pettingill, presented on operational lessons learned important to a low-carbon grid and stressed the importance of regional cooperation. CPUC Executive Director, Edward Randolph, presented the advantages and disadvantages of several pathways to a GHG-based policy framework for electricity.
The meeting closed with diverse stakeholders commenting on ways to achieve renewable and GHG goals for the electricity sector from the perspective of investor owned utilities, municipal utilities, labor groups, renewable energy companies, environmental groups, and policymakers. The themes of a need for increased regional coordination, a diverse portfolio of resources, flexible loads, flexible generation, and more advancements in storage resonated throughout the discussions.
While recommendations differed, all participants agreed that decarbonizing the electricity sector will play a critical role in California’s ability to meet the GHG reduction target recently established in Governor Brown’s executive order of 40 percent below 1990 levels by 2030 – the most aggressive benchmark enacted in North America to date.
The Resource Conservation and Recovery Act, the federal law that regulates management of hazardous waste, is complicated and compliance can be tricky . . . but not impossible. Our experience is that good faith efforts to comply will avoid serious regulatory problems. A recent decision by the Ninth Circuit proves that the converse is true as well and that the courts will sniff out attempts at evasion.
In U.S. v. Roach, the Ninth Circuit rejected a criminal defendant’s effort to avoid conviction for “storing” hazardous waste without a permit by arguing he had in fact been “disposing” of it because the barrels of waste were leaking. In the alternative, he argued he had “disposed” of the barrels when he abandoned the building in which they had been stored. In support he cited a 2013 decision of the Circuit, U.S. v. Humphries, that held that disposal and storage were two different crimes, and a person cannot be convicted of storing a waste after he has disposed of it.
The court affirmed Roach’s conviction, holding that, whatever the merits of his argument about leaking barrels, his conviction was based on five barrels that were sealed and not leaking. On the alternative argument, the court held that while he may have left the barrels behind, they were not abandoned – they were in the same building they had always been in, which was owned by a third party, so all he had done was transfer custody to an innocent party. His argument was not helped by the fact that he had stipulated at trial and admitted at oral argument that he had been storing the waste without a permit prior to the time charged in the indictment. To accept his argument that the abandonment transformed his behavior from storage to disposal, the court held, would render the term “storage” meaningless.
A triumph for common sense in the tangled jungle of environmental law.
In Michigan v. EPA, the U. S. Supreme Court invalidated EPA’s rules limiting emissions of mercury and other pollutants from power plants, ruling that EPA inappropriately ignored the costs of regulation – particularly compliance costs – when it decided it should regulate these emissions from power plants. The June 29, 5-4 decision chastises EPA for deeming costs “irrelevant” early on in its analysis. The immediate result sends the 2011 Mercury and Air Toxics Standards (MATS) back to the D.C. Circuit Court but the regulated power plants have already made decisions and implemented steps pursuant to MATS. The longer term impact is less physical – EPA must be faster and more detailed in its cost/benefit analysis of regulations and those opposing EPA action may use the lack of cost estimates as an argument to slow imposition of new regulations.
See the full decision here: http://www.supremecourt.gov/opinions/14pdf/14-46_10n2.pdf.
Under the Clean Air Act, EPA may regulate power plants’ emissions of hazardous air pollutants, including mercury, if, after further studies, the agency finds that regulation is “appropriate and necessary.” Here, EPA finished its studies in 2000 and determined that regulating power plants was “appropriate and necessary” because of the mercury emissions posed risks to human health and environment that could not be otherwise eliminated, and because there were controls available to reduce those emissions. EPA concluded that it did not need to study costs at that juncture, in determining whether to regulate power plants. Rather, EPA could consider costs in detail later, when determining how much to regulate power plants’ emissions. It reaffirmed these “appropriate and necessary” determinations and promulgated the MATS rule in 2011.
Michigan, and 23 other states, filed suit challenging MATS, claiming that EPA should have considered costs when making the initial determination of whether to regulate power plants. The majority of the Court agreed with the petitioners and found that EPA acted unreasonably when it deemed cost irrelevant to the decision to regulate power plants. The decision rests heavily on a common understanding of the words “appropriate and necessary” – “[r]ead naturally in the present context, the phrase ‘appropriate and necessary’ requires at least some attention to cost.” While EPA has some flexibility in interpreting “appropriate and necessary,” the majority ruled it cannot “entirely fail to consider an important aspect” of the problem. The Court criticizes EPA for deeming cost “irrelevant” and giving cost “no thought at all”.
The estimated cost of complying with MATS, once EPA did do the cost/benefit analysis, is striking: EPA estimated that it would cost power plants $9.6 billion per year to achieve and maintain compliance with its regulations. In contrast, it estimated that compliance would create benefits worth $4 to $6 million per year (although when ‘ancillary benefits are included the comparison is not as one-sided.) Additionally, one of the studies EPA performed before its 2000 determination of whether to regulate mercury emissions from power plants included an examination of “technologies which are available to control such emission and the costs of such technologies.” While EPA asserted that it would prepare a detailed cost/benefit analysis later, this study certainly opened the door for the consideration of costs at an earlier stage of the rulemaking process.
While utilities have already implemented technology or decided to cease certain operations due to MATS requirements, the longer terms impact of this decision is that it will likely be used as a weapon in the arsenal of those challenging other EPA regulations. Clearly, the Court is giving less deference to EPA’s interpretation of its statutory authority, and admonishing it to provide a detailed cost-benefit analysis early in the process of developing environmental regulations. This judicial benchmark may delay EPA’s release of its final rule on carbon emissions under section 111(d) of the Clean Air Act (previously anticipated to be in August). In addition, those opposing the 111(d) regulations will likely feel emboldened by the prospect that EPA may be given less deference when those regulations reach the Supreme Court.
Under EPA’s Audit Policy, those who discover, promptly disclose and correct environmental violations may have penalties reduced or eliminated. 60 Fed Reg 66, 705 et seq. (1995); 65 Fed Reg 19, 617, et seq. (2000)
EPA recently hosted a webinar on its proposed “eDisclosure” portal for reporting Emergency Planning and Community Right-to-Know Act (EPCRA) and non-EPCRA violations under EPA’s Audit Policy.
It plans to activate the portal in the Fall of 2015. Although it would not change any of the Audit Policy criteria, it would alter how it is used.
A regulated entity will be required to first register on the portal, and then disclose violations and, when corrected, certify correction and compliance online. If the time limits are met for certain EPCRA violations, the system will automatically generate an electronic Notice of Determination, or “eNOD”, conditionally confirming that the violations are resolved without civil penalties. For other EPCRA and all non-EPCRA violations, there is an opportunity for an extension of the correction deadlines and only an Acknowledgement Letter confirming EPA’s receipt of the report is issued automatically. EPA will then determine eligibility for penalty reductions if and when it decides to take enforcement action. Obviously, the entities reporting will not receive quick feedback or assurances regarding penalties. Also, information disclosed on the portal will be more easily available to the public.
Beginning July 1 of this year, there’s a new program in town! A new general industrial stormwater permit kicks in in California. Companies with an existing stormwater permit will have to apply for a new permit, and prepare a new management plan—there is no grace period.
The most significant change is that the new permit includes numeric action limits that require a permittee to implement certain best management practices if its stormwater exceeds target levels for contaminants, like oil and grease, pH, and Total Suspended Solids. Permit documents (applications, plans, maps, some sampling data) will be available on a publicly accessible and searchable database, which could lead to increased public scrutiny and possible citizen suit litigation in the event of noncompliance. The new approach suggests your companies may want to elevate their attention to stormwater compliance to avoid problems.
No extensions have been imposed, so July 1 is the deadline!