As most of you know by now, Senate Bill (“SB”) 350, the much-chronicled and debated Clean Energy and Pollution Reduction Act of 2015, passed out of the California Legislature and is currently awaiting signature by Governor Brown. The bill currently includes the following significant changes to California’s energy and climate goals: Read More
The US Department of Justice has issued a memorandum to all of its prosecuting Divisions, directing changes to the principles applied by DOJ in prosecuting civilly or criminally individuals who engage in corporate misconduct. Press attention to the memorandum has focused on the application of those principles to Wall Street investment and banking firms, due to the absence of individual prosecutions despite several massive settlements with large banks over serious financial misconduct. However, the principles apply broadly to all DOJ enforcement activities, including environmental enforcement. Their application may affect a company’s ability to obtain favorable treatment for voluntary disclosure, and may also impact how companies handle separate representation for their employees. Read More
Reporting uner EPA’s audit policy, which has provided relief from gravity-based penalties to those who self-report, is about to become much easier. This fall, EPA expects to launch a centralized web-based “eDisclosure” portal that will make self-disclosure just a mouse click away. The requirements of the audit policy remain unchanged (e.g., violations must be disclosed within 21 days, corrected within 60 days of discovery, etc.) but reporting will be done electronically. In addition, for certain Emergency Planning and Community Right-to-Know (EPCRA) violations that are self-reported, EPA will issue an electronic Notice of Determination (eNOD) and resolve the violations with no assessment of civil penalties.
For more information on EPA’s audit policy and on the eDisclosure system, go to http://www2.epa.gov/compliance/epas-audit-policy.
The Fifth Circuit Court of Appeals reversed a district court decision holding CITGO liable for three misdemeanors under the Migratory Bird Treaty Act (MBTA) for bird deaths (the opinion lists 35 birds, including “twenty (regular old) ducks”) resulting from uncovered equalization tanks at its Corpus Christi refinery. The court also reversed two Clean Air Act (CAA) convictions for failure to cover the tanks. Read More
With so many challenges filed in so many venues to EPA’s Waters of the United States or WOTUS rule, it seemed inevitable that some plaintiffs somewhere would find a sympathetic court. And so it is that thirteen states found U. S. District Judge Ralph R. Erickson to preliminarily enjoin the “exceptionally expansive view” of the government’s reach under the Clean Water Act.
On August 14, 2015 California Public Utilities Commission (CPUC) Administrative Law Judge (ALJ) Rafael Lirag extended the deadline for public comment in the CPUC Confidentiality/Public Records Act rulemaking proceeding. This proceeding will have a major impact on record submitters (utilities), public advocates, and news agencies alike by dictating how, and which, documents will remain confidential when submitted in CPUC proceedings. Read More
On August 11, 2015, a district court in Silicon Valley remanded a U.S. Fish and Wildlife Service (FWS) rule issued in 2013 that had extended the potential term of incidental take permits under the Bald and Golden Eagle Protection Act (Eagle Protection Act) from 5 years to 30 years. Bird protection groups challenged FWS issuance of the rule extending the potential permit length without first conducting an environmental assessment, which the court held was fatal to the action’s validity. The extension had been promulgated by FWS to assist wind power companies in obtaining financing of facilities that typically were expected to operate for 20-30 years.
The Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) July 16, 2015, proposing to approve various Critical Infrastructure Protection (CIP) reliability standards proposed by the North American Electric Reliability Corporation (NERC) and further proposed to direct NERC to develop a new CIP reliability standard to protect the bulk electric system (BES) supply chain. Comments on the NOPR are due Sept. 21, 2015.
The NOPR reflects FERC’s heightened attention to the cyber security of the BES by demanding the expansion of the scope of CIP standards and wielding its authority under section 215 of the Federal Power Act (FPA) to order NERC to develop a new standard, while laying out the purpose and parameters of such standard. If adopted, the NOPR will undoubtedly require responsible entities to devote resources to additional CIP compliance and elicit further debate regarding the cost-benefit analysis of NERC reliability standards. Lending potential credence to the ‘benefit’ side of the equation, Lloyd’s and the University of Cambridge Centre for Risk Studies recently published an Emerging Risk Report, titled Business Blackout: The Insurance Implications of a Cyber-attack on the US Power Grid. The report posits that a large-scale cyber attack on the U.S. power grid could cost the US economy trillions of dollars. A summary of the NOPR and Report follows.
FERC’s CIP NOPR
The CIP NOPR follows NERC’s submission of seven CIP standards on Feb. 13, 2015 in compliance with Order No. 791, which addressed “Version 5” of the CIP standards. FERC concluded that NERC satisfactorily complied with most mandates of Order No. 791. Specifically, NERC removed language stating a responsible entity must “identify, address, and correct” compliance deficiencies from seventeen CIP requirements that FERC found did not meet the “clear and unambiguous” objective of reliability standards. NERC explained that the original intent of the language would nonetheless be satisfied via procedural revisions to its Compliance Monitoring and Enforcement Program.
NERC also addressed FERC’s concern that there were no objective criteria for evaluating compliance for “Low Impact” cyber systems. As amended, NERC’s proposed new “High, Medium or Low Impact” tiered approach to classifying cyber systems now assigns enumerated controls for Low Impact cyber systems, including the requirement to develop management-sanctioned cyber security policies for Low Impact cyber systems. This will be significant to entities that previously did not have any cyber assets covered by the reliability standards. Not only must these entities now assess and classify all cyber systems, but must further designate resources to develop policies meeting certain minimum requirements to protect such assets.
FERC advocated for further protection of Low Impact cyber systems in the NOPR with respect to NERC’s proposed controls for transient devices, including thumb drives and portable laptop computers. NERC developed controls for transient devices in response to Order No. 791 (along with a new Glossary Term defining such devices), but explained resources would be best allocated by only applying the requirements to Medium and High Impact cyber systems. FERC directed NERC to either provide adequate justification for the exclusion of Low Impact cyber assets or risk being sent back to develop requirements that appropriately accommodated such assets.
FERC also directed NERC to revisit changes it made affecting communication networks. FERC perceives a reliability gap in NERC’s proposal to create controls for “nonprogrammable components of communication networks within the same Electronic Security Perimeter.” The exclusion of programmable and nonprogrammable communication network components that exist outside an Electronic Security Perimeter leaves “real-time data passing between Control Centers outside of a facility” unprotected. FERC thus directed NERC to revise the requirements of CIP-006-6 to protect inter-Control Center communications. FERC also specifically requested comment on whether it should consider additional protections for remote access to cyber systems.
The NOPR steps outside the bounds of NERC’s compliance filing to propose the creation of a new Reliability Standard to address supply chain protection. Citing to guidance provided by the Department of Energy, the Department of Homeland Security, and the National Institute of Standards and Technology, FERC explained that “the global supply chain also enables opportunities for adversaries to directly or indirectly affect the management or operations of companies that may result in risks to the end user.” The new Reliability Standard would only apply to entities under the jurisdiction of FPA § 215, yet would need to consider the entire supply chain. At a minimum, FERC stated the standard “should accommodate … an entity’s: (1) procurement process; (2) vendor relations; (3) system requirements; (4) information technology implementation; and (5) privileged commercial or financial information.” FERC acknowledged that this would be a “significant undertaking” and requested comments on the proposal to facilitate stakeholder input at the standard’s inception.
Lloyd’s Emerging Risks Report
Lloyd’s and the University of Cambridge Centre for Risk Studies recently published Business Blackout: The Insurance Implications of a Cyber-attack on the US Power Grid, an assessment of the insurance implications of a large-scale cyber attack on the U.S. power grid. The assessment relied upon a fictional scenario developed by subject matter experts drawing from historical examples and plausible technological exploits. The report depicts actions of sophisticated attackers who engage in methodical planning and reconnaissance, and deploy a variety of tactics to penetrate the security of the electrical grid. These tactics include social engineering, hacking of remotely accessed controlled systems, physical intrusions, and the deployment of malware. The malware ultimately infects multiple electricity generation control rooms, allowing attackers to control them remotely, forcing them to overload and burn out, causing fires, explosions and sustained outages. The Lloyd’s report estimates such an attack could deprive millions of individuals and businesses of power for sustained periods, and cost the U.S. economy between $243 billion to $1 trillion in the most extreme version of the scenario.The scenario addresses three attributes of cyber risk that distinguish it from other types of risk. The first is the systemic exposure caused by connected digital networks and shared technologies. The second is the “intangible” nature of a cyber attack – it is usually surreptitiously deployed and often not detected for months or even years after the event. The third is the dynamic and evolving nature of technology driven by human creative intelligence. Although the fictional scenario depicted in the Lloyd’s report is improbable, it is technologically possible. Business Blackout demonstrates that if such an attack occurred, the effects would be wide ranging, impacting not just power generation, transmission and distribution companies, but literally every aspect of our critical infrastructure and economy. The report estimates that the insurance industry would face cyber attack-related claims ranging between $21.4 billion up to $71.1 billion in the most extreme version of the scenario. It nonetheless asserts that insurance can be a valuable tool for managing and responding to cyber risk.
This advisory is a publication of Davis Wright Tremaine LLP. Our purpose in publishing this advisory is to inform our clients and friends of recent legal developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations.
The fact that California is suffering its fourth year of drought conditions is not a new story — how the State should address this water shortage is the subject of much debate.
The California State Water Resources Control Board (State Water Board) has recently been flexing its muscles, determined to show water users and water diverters that it has significant enforcement power under existing Water Code provisions. After a Superior Court halted implementation of State Water Board Curtailment Notices issued in May through June, the State Water Board came out swinging in July with new sets of tried-and-true tools – Cease and Desist Orders and a Civil Complaint. Both weapons in the arsenal include proposed penalties.
Earlier in the month, a Sacramento County Superior Court had directed the State Water Board to stop enforcing thousands of Curtailment Notices issued by the State Water Board, on the grounds that the Curtailment Notices did not afford water users adequate due process. The Court went on to affirm the State Water Board’s enforcement powers, but warned that it could not use the prior curtailment notices as a basis for such enforcement actions.
On July 15, 2015, the State Water Board “clarified” the prior Curtailment Notices (referring to them as “advisory” in nature) and reissued Water Unavailability Notification Letters entitled “Partial Rescission of April, May and June 2015 Curtailment Notices and Clarification of State Water Board Position Re: Notices of Unavailability of Water for Those Diverting Water in the Sacramento River Watershed, San Joaquin River Watershed and Delta, and Scott River” (the “July 15 Clarification”). While rescinding the curtailment portions of the prior notices, the State Water Board, on the substantive issue of water availability, reinforces the notification that there is insufficient water in these particular rivers and watersheds to serve the needs of all potential water users. It also states that “Diversion when there is no available water ….. is an unauthorized diversion and use and is subject to enforcement by the State Water Board.”
And the State Water Board began enforcement proceedings:
- On July 16 and 17, the State Water Board issued two Draft Cease and Desist Orders following the issuance of water unavailability notifications. The recipients of the Cease and Desist Orders (the West Side Irrigation District of Tracy and a private landowner in Trinity County face penalties of up to $10,000 a day.
- On July 20, the State Water Board issued a Draft Administrative Civil Liability Complaint alleging that a local irrigation district willfully disregarded the State Water Board’s advisory when it diverted water from a river for its own customers’ use. The potential cost? The State Water Board contends it could seek a penalty of more than $5 million, but instead proposes a $1.5 million fine be imposed on Byron-Bethany Irrigation District for its alleged improper water diversion.
A challenge will likely center on the role the earlier Curtailment Notices play in the current enforcement action. Byron-Bethany received a June 12, 2015 Curtailment Notice which the Superior Court found did not afford the recipients adequate due process. Byron-Bethany received the July 15 Clarification. The complaint is clear that the alleged improper diversion of water occurred between June 13 and June 25, 2015.
A draft complaint puts the Byron-Bethany matter in an administrative, quasi-judicial arena with heightened exposure. The Water Code classifies unauthorized diversion of water as a trespass, and assesses $1,000 for each day of trespass plus $2,500 for each acre-foot of water diverted or used in excess of the diverter’s water rights.
The subjects of the Cease and Desist Orders and the draft Complaint have 20 days to request a hearing before the State Water Board. By early August we will know if these proceedings will take place. In the meantime, we expect the State Water Board to continue exercising its enforcement muscle through Cease and Desist Orders and Civil Administrative Complaints.
Last week, several state agencies and the California Independent System Operator held a symposium on ways to reduce greenhouse gas (GHG) emissions from electricity generation while maintaining an affordable and reliable electricity system.
This multi-agency symposium is part of a series of public forums soliciting stakeholder input on 5 key climate change strategy pillars to meet by 2030 that Governor Jerry Brown identified in his inaugural address earlier this year. The pillars demonstrate the importance of emissions reductions in critical sectors of California’s economy and include:
- increasing from one-third to 50 percent the electricity derived from renewable sources;
- reducing today’s petroleum use in cars and trucks by up to 50 percent;
- doubling the efficiency savings achieved at existing buildings and making heating fuels cleaner;
- reducing the release of methane, black carbon, and other short lived climate pollutants; and
- managing farm and rangelands, forests, and wetlands so they can store carbon.
An impressive panel presided over this electricity-focused symposium comprised of the following officials:
- Gov. Jerry Brown’s Office
- Clifford Rechtschaffen, Sr. Advisor
- California Public Utilities Commission (“CPUC”)
- Michael Picker, President
- Carla J. Peterman, Commissioner
- California Energy Commission (“CEC”)
- Robert B. Weisenmiller, Chair
- California Air Resources Board (“ARB”)
- Richard Corey, Executive Officer
- California Independent System Operator (“CAISO”)
- Stephen Berberich, President and Chief Executive Officer
Since moving to 50 percent renewable energy will lead to increased challenges balancing electricity demand and generation at certain times due to the intermittent nature of renewables, participants discussed how additional tools will be needed to maintain reliability including by balancing supply and demand over broad geographic areas through multistate agreements like the western Energy Imbalance Market; increasing the diversity and flexibility of the generation fleet; expanding electric vehicle infrastructure and encouraging charging during times of high renewable production; deploying emerging storage technologies and programs that reward customers for shifting demand, and building a smarter distribution grid.
CAISO Director of Regional Integration, Phil Pettingill, presented on operational lessons learned important to a low-carbon grid and stressed the importance of regional cooperation. CPUC Executive Director, Edward Randolph, presented the advantages and disadvantages of several pathways to a GHG-based policy framework for electricity.
The meeting closed with diverse stakeholders commenting on ways to achieve renewable and GHG goals for the electricity sector from the perspective of investor owned utilities, municipal utilities, labor groups, renewable energy companies, environmental groups, and policymakers. The themes of a need for increased regional coordination, a diverse portfolio of resources, flexible loads, flexible generation, and more advancements in storage resonated throughout the discussions.
While recommendations differed, all participants agreed that decarbonizing the electricity sector will play a critical role in California’s ability to meet the GHG reduction target recently established in Governor Brown’s executive order of 40 percent below 1990 levels by 2030 – the most aggressive benchmark enacted in North America to date.