Okla. Admin. Code § 165:35-33-5

Current through Vol. 42, No. 1, September 16, 2024
Section 165:35-33-5 - [Effective 10/1/2024] Utility Security Plan
(a) Each electric utility is required to prepare and make available for inspection, a "Homeland Security and Critical Infrastructure Plan" ("Security Plan") that has been prepared with reference to the applicable NERC Security Guidelines and Standards or equivalent cybersecurity framework and standards as guidance with a defined cybersecurity strategy.
(b) The Security Plan shall be marked as "Highly Sensitive Confidential" and designate those facilities that the utility considers to be critical infrastructure (as defined in OAC 165:35-33-3), and shall set forth the utility's measures to secure such facilities from extended service interruption. The Security Plan shall also include an estimate of the costs necessary to achieve such measures.
(c) The Security Plan shall remain on site at the utility's business office in accordance with OAC 165:35-33-7(g) below and shall have the most current version of the redlined Plan Update Report attached to the clean version of the utility's latest Security Plan. At the utility's option, changes will either be redlined or a history of changes may be maintained.
(d) The Security Plan shall list all locations deemed by the utility to be critical, as well as identification of any subsequently increased security measures. All locations and security measures shall be identified by code known only to the utility and designated state government officials and their designees.
(e) Any subsequent security measures identified in the Security Plan shall contain an estimate of the cost necessary to implement such measures, a description of the measures necessary to adequately secure each specific location and an estimated schedule for completion of each measure.
(f) All locations identified by the Security Plan that require additional security measures shall be prioritized by the utility.
(g) Beginning December 30, 2005 and on July 1 of each year thereafter, Commission Staff shall submit an Annual Report marked as "Highly Sensitive Confidential" to the Commission, summarizing the results of Staff's review of the utility's Security Plan (and any Security Plan Update Reports), along with any recommendations that Staff may have regarding such Security Plan(s).
(h) Beginning December 30, 2005, where the Attorney General elects to submit recommendations to the Commission regarding a utility's Security Plan, such recommendations shall be marked as "Highly Sensitive Confidential" and shall also be due by July 1 of each subsequent year.

Added at 22 Ok Reg 704, eff 7-1-05
Amended by Oklahoma Register, Volume 36, Issue 21, July 15, 2019, eff. 7/25/2019
Amended by Oklahoma Register, Volume 41, Issue 23, August 15, 2024, eff. 10/1/2024