6. Assignment of Proceeding

Nancy E. Ryan is the assigned Commissioner and Timothy J. Sullivan is the assigned ALJ in this proceeding.

1. The Commission has consulted with the CEC in developing standards and guidance concerning Smart Grid Deployment Plans.

2. The ISO is a party to this proceeding and has provided the Commission with input on issues that affect it.

3. The Commission has permitted all stakeholders who desire to participate in this proceeding.

4. Participation by the CEC and the ISO in planning a workshop to be held by this Commission prior to the filing of Smart Grid deployment plans can permit substantive input into the Commission's review process by the CEC and the ISO.

5. A workshop held by the Commission prior to the filing of Smart Grid Deployment Plans can permit substantive input into the Commission's review process by the CEC and the ISO.

6. National standard setting bodies and other public and private entities, including the NIST, Gridwise Architecture Council, the International Electrical and Electronics Engineers, and the National Electric Reliability Organization recognized by FERC are in the process of developing standards and protocols for the Smart Grid.

7. One way to lower unnecessary barriers is for California's Smart Grid deployment to follow national standards and guidelines for interoperability and incorporate national communication protocols.

8. The Smart Grid can decrease the need for other infrastructure investments and these benefits should be taken into account when planning infrastructure.

9. Deployment plans can create a "baseline" describing Smart Grid investments that can permit the Commission to determine progress by a utility in implementing a Smart Grid.

10. An approved Smart Grid Deployment Plan can provide a utility with guidance concerning Smart Grid investments and a rationale that can support a proposed investment during review of the project and help in the determination that the project is reasonable and consistent with the Commission's overall Smart Grid vision. Alternatively, evidence that an investment does not comport with a utility's Smart Grid Deployment Plan or the goals of SB 17 should be considered a rationale supporting a determination that it is unreasonable.

11. The technologies that are used in the Smart Grid are undergoing rapid changes in capabilities and costs.

12. The best estimates of rapidly changing technologies, capabilities and costs can be obtained close to the point of the implementation of a project that uses these technologies.

13. Because of the rapidly changing capabilities and costs of Smart Grid technologies, an assessment of the reasonableness of a project cannot be made accurately at the time that deployment plans are constructed.

14. The Smart Grid can promote environmental benefits from renewables, energy efficiency programs, demand side management, demand response programs, and other innovative technologies and programs envisioned in SB 17.

15. A Smart Grid Deployment Plan that includes the following 8 topic areas offers a practical way of presenting a deployment plan that can demonstrate compliance with the policy initiatives of SB 17:

16. The systematic presentation of a Smart Grid Deployment Plan can enable the Commission to understand and assess the baseline condition of today's grid even as it keeps its eyes trained on the grid of the future.

17. A common format for the Smart Grid Deployment Plan can facilitate Commission review and participation by interested parties in Commission proceedings.

18. A vision statement is needed for the Smart Grid Deployment Plan.

19. A vision statement will help orient a utility's efforts to upgrade its electrical system to meet today's electric system and policy requirements and tomorrow's electric system and policy needs using the latest technologies.

20. A presentation of a Smart Grid Vision Statement that shows that the proposed deployment plan advances a "Smart Market" that is transparent and demand responsive, provides pricing information, promotes distributed power, incorporates cost-effective energy storage, and promotes the environmental goals of California would be consistent with SB 17 policies and initiatives.

21. A presentation of a Smart Grid Vision Statement that shows that the proposed deployment plan promotes a "Smart Customer" who is informed, empowered and able to use electricity efficiently and in ways the promote environmental goals would be consistent with SB 17 policies and initiatives.

22. A presentation of a Smart Grid Vision Statement that shows that the proposed deployment plan promotes a "Smart Utility" whose grid is predictive and enabling, self-healing, able to resist physical and cyber attacks while protecting customer privacy, and promotes compliance with California's environmental laws and policies would be consistent with SB 17 policies and initiatives.

23. A baseline of current Smart Grid infrastructure investments is necessary to enable the Commission to understand where utilities are today.

24. DRA requests that the Commission set an October 1, 2010 deadline for the submission of a Smart Grid inventory of technologies.

25. A thorough inventory of Smart Grid investments can ensure that ratepayers do not pay twice for the same Smart Grid investment.

26. A Smart Grid strategy section of the Smart Grid Deployment Plan can offer a sense of direction and guidance for the development of the Smart Grid.

27. Setting rigid requirements as part of a Smart Grid strategy is not in the public interest.

28. It is important that Smart Grid investments demonstrate how they meet the requirements of SB 17 and other applicable statutes and policies.

29. A Smart Grid strategy that demonstrates how a utility can achieve the goals set out in SB 17 is useful for planning purposes.

30. There exist several communications networks (both wireline and wireless) in California's current infrastructure that may offer cost-effective means for providing the data communication that a Smart Grid requires.

31. A Smart Grid strategy that considers how to support the goals of GO 156 as utilities purchase and build the Smart Grid is useful for Commission planning.

32. Grid security and cyber security are key components of a Smart Grid and important elements in any deployment plan.

33. Because of the current and planned deployment of Smart Grid technologies, there is also an urgent need for appropriate security programs that address physical and cyber threats/attacks.

34. Smart Grid technologies will introduce millions of new intelligent components to the electric grid that communicate in much more advanced ways than in the past.

35. The goal of a security program for the Smart Grid is to provide security while not impeding the functioning of the grid.

36. Physical security and cyber security of the Smart Grid are needed to promote the reliability of the grid, protect the privacy, reliability and confidentiality of the information that is transmitted, and to contain and mitigate any cyber-security threats.

37. The Smart Grid Deployment Plans can provide the Commission and the public with insight into the security of the Smart Grid.

38. A robust Smart Grid security strategy should address physical, cyber and human threats to the Smart Grid's operations.

39. The developing NIST framework will address many of the security issues that are arising from the Smart Grid technology deployment.

40. NIST and DHS have identified and prepared key documents concerning cyber security `standards' that provide guidance on cyber security issues that are applicable to Smart Grid Deployment Plans. These include:

a. Security Profile for Advanced Metering Infrastructure, v 1.0, Advanced Security Acceleration Project - Smart Grid, December 10, 2009 provides guidance and security controls to organizations developing or implementing AMI solutions, including the meter data management system up to and including the HAN interface of the smart meter;378

b. Catalog of Control Systems Security: Recommendations for Standards Developers, U.S. Department of Homeland Security, National Cyber Security Division, September 2009 presents a compilation of practices that various industry bodies have recommended to increase the security of control systems from both physical and cyber attacks; and

c. Department of Homeland Security developed the Cyber Security Procurement Language for Control Systems to provide guidance to procuring cyber security technologies for control systems products and services.

41. An effective security strategy should be based on a systematic risk assessment by both IOUs and their communications providers that addresses the prevention of, preparation for, protection against, mitigation of, response to, and recovery from security threats for the utilities' advanced metering infrastructure, distribution grid management, the communications providers' communications networks, and Smart Grid operations, but it is not necessary to file the details of security audits with the Commission at this time.

42. Designing cyber security into the Smart Grid will reduce the vulnerability of the electric grid and reduce the likelihood of later needing to modify Smart Grid components to address vulnerabilities.

43. Threat assessments and modeling - identifying an attackers goals and specifying how those goals might be accomplished in a given system - provides a valuable and systematic way of identifying vulnerabilities in systems such as the electric grid.

44. Subjecting Smart Grid cyber security assessments to a broad review will improve their quality and allow utilities and the Commission to take advantage of industry, academic and public interest expertise.

45. Answering certain questions in a Smart Grid Deployment Plan will help the Commission ensure that the information pertaining to customers and their usage of electricity and power is secure. These questions include:

a. What types of information about customers are or will be collected via the smart meters, and what are the purposes of the information collection? Could the information collection be minimized without failing to meet the specified purposes?

b. Does the utility have or expect to have other types of devices, such as programmable communicating thermostats, which can collect information about customers? If so, what types of information is collected, and what are the purposes of the information collection? Could the information collection be minimized without interfering with the specified purposes?

c. What types of information, if any, does the utility plan to collect from the smart meter and HAN gateway?

d. How frequently will the utility take readings from the smart meter? Is this frequency subject to change? Will customers control this frequency?

e. For each type of information identified above, for what purposes will the information be used? The purposes should be articulated with specificity, e.g., "targeted marketing" instead of "promoting energy efficiency."

f. For each type of information collected, for how long will the information retained, and what is the purpose of the retention? Could the retention period be shortened without failing to meet the specified purpose?

g. With whom does the utility share customer information and energy data currently? With whom does the utility reasonable foresee sharing data in the future? What does the utility anticipate is or will be the purpose for which the third party will use the data? What measures are o4r will be employed by the utility to protect the security and privacy of information shared with other entities? What limitations and restrictions will the utility place on third-part use and retention of data and on downstream sharing? How will the utility enforce those limitations and restrictions?

h. What measures are or will be employed by the utility to protect the security of customer information?

i. Has the utility audited or will it audit its security and privacy practices, both internally and by independent outside entities? If so, how often will there be audits? What are the audit results to date, if any?

46. A Smart Grid Roadmap can provide useful information concerning technologies and their deployment, even though a roadmap remains subject to change.

47. A Smart Grid Roadmap can assist the Commission in conducting timely reviews and in the Commission's own budgeting and planning.

48. A Smart Grid Roadmap can show how a proposed deployment of infrastructure can aid California in meeting the deadlines adopted in legislation for renewable energy projects and other energy-related environmental policies, such as those pertaining to green house gases, energy efficiency, demand-side management, and demand response.

49. A Smart Grid Roadmap can facilitate the identification of essential infrastructure steps needed to provide customers with access to consumption and pricing data.

50. A section on Cost Estimates in Smart Grid Deployment Plans can include preliminary and conceptual costs.

51. Cost estimates for technologies associated with the Smart Grid are undergoing dramatic changes.

52. The technologies used in the Smart Grid are undergoing dramatic changes.

53. Preliminary information on costs will help the Commission in its planning and make Smart Grid Deployment Plans more useful.

54. Estimates of costs over a 5-year planning horizon are useful.

55. The Benefits Estimates section should discuss the range of benefits that a proposed Smart Grid project will produce.

56. The benefits of the Smart Grid can be efficiently organized into three broad categories: 1) benefits of compliance with legal and regulatory goals and requirements; 2) other benefits that are difficult to quantify or price, such as safety benefits; and 3) benefits that are simple to quantify and are sometimes called "business-case" benefits.

57. An estimation of the incremental benefits that arise from incremental expenditures will be useful in deployment plans.

58. An estimation of the environmental benefits that may arise from Smart Grid will be useful in deployment plans.

59. An estimation of the benefit of infrastructure investments that the Smart Grid makes unnecessary will be useful in deployment plans.

60. The benefits of storage extend beyond substituting for fossil generation.

61. The inclusion of a section on metrics in the Smart Grid Deployment Plan will provide the Commission with a means to assess the state of the electric grid.

62. The choice of metrics raises questions that are not resolved at this time.

63. The consideration of all utility Smart Grid Deployment Plans in a single proceeding offers administrative efficiencies.

64. Because of the importance of the Smart Grid, because this technology is rapidly changing and because the Commission will use deployment plans in assessing proposed investments, it is critical that these plans be up-to-date.

65. Smart Grid technologies and investments are most similar to the technologies and investments considered under the AMI, which the Commission reviewed through applications.

66. A GRC encompasses a utility's entire portfolio of investments as well as operating and maintenance costs and occurs at intervals of 3 to 5 years.

67. SB 17 requires that Smart Grid Deployment Plans be filed by July 1, 2011.

68. The Smart Grid Deployment Plans filed by July 1, 2011 will contain a report on the current state of the Smart Gird.

69. SB 17 requires an annual report to the Governor and Legislature by the Commission on the status of the Smart Grid.

70. An annual report filed by utilities on Smart Grid developments will facilitate the Commission's preparation of the report required annually by SB 17.

1. The Commission has complied with the terms of § 8362 (a) of the Pub. Util. Code which requires that the Commission consult with the CEC, the ISO and other key stakeholders in determining the requirements for Smart Grid Deployment Plans.

2. The participation by the CEC and ISO in the planning of a workshop to be held by this Commission prior to the filing of Smart Grid Deployment Plans is consistent with 8362 (a) of the Pub. Util. Code.

3. The participation by the CEC and ISO in a workshop to be held by this Commission prior to the filing of Smart Grid Deployment Plans is consistent with 8362 (a) of the Pub. Util. Code.

4. It is reasonable and consistent with SB 17 to defer consideration of standards and protocols for the Smart Grid until further action by NIST, Gridwise Architecture Council, the International Electrical and Electronics Engineers, and the National Electric Reliability Organization recognized by the Federal Energy Regulatory Commission.

5. It is reasonable for the Commission to defer the adoption of Smart Grid standards and protocols until NIST achieves consensus on specific standards.

6. It is reasonable and consistent with SB 17 to use Smart Grid Deployment Plans to develop a baseline against which to measure a utility's progress towards deploying a Smart Grid.

7. It is reasonable and consistent with SB 17 to use the Smart Grid Deployment Plans to guide utility investments in the Smart Grid to ensure that they promote the policy goals adopted by the Commission pursuant to SB 17 and EISA.

8. It is reasonable and consistent with SB 17 to use the Smart Grid Deployment Plans as a rationale that supports a proposed investment during the determination of whether a specific project is reasonable and consistent with the Commission's overall Smart Gird vision.

9. It is not reasonable to use a Smart Grid Deployment Plan to confer a presumption of reasonableness on a specific investment project.

10. It is reasonable to require Smart Grid Deployment Plans to follow the eight-element format as follows:

11. Smart Grid policy goals consistent with the initiatives and policies of SB 17 include that the Smart Grid:

a. Be self-healing and resilient;

b. Empower consumers to actively participate in the operations of the grid;

c. Resist attack;

d. Provide higher quality of power and avoid outages;

e. Accommodate all generation and energy storage options,

f. Enable electricity markets to flourish;

g. Run the grid more efficiently; and

h. Enable penetration of intermittent power generation sources;

i. Create a platform for deployment of a wide range of energy technologies and management services;

j. Enable and support the sale of demand response, energy efficiency, distributed generation, and storage into wholesale energy markets as a resource, on equal footing with traditional generation resources; and,

k. Significantly reduce the total environmental footprint of the current electric generation and delivery system in California.

12. It is reasonable to require that each Smart Grid Deployment Plan has a Smart Grid Vision Statement that includes three areas: "Smart Market," "Smart Customer," and "Smart Utility."

13. It is reasonable to require a baseline inventory of Smart Grid investments in the Deployment Baseline section of the Smart Grid Deployment Plan.

14. Requiring a Smart Grid inventory by October 1, 2010 is inconsistent with the intent of SB 17, which does not require the filing of Smart Grid Deployment Plans until July 1, 2011.

15. It is reasonable to determine the current state of privacy actions by asking utilities, as part of their Smart Grid Deployment Plan, to answer the following questions concerning the data of customers:

a. What data is the utility now collecting?

b. For what purpose is the data being collected?

c. With whom will the utility currently share the data?

d. How long will the utility currently keep the data?

e. What confidence does the utility have that the data will is accurate and reliable enough for the purposes for which the data will be used?

f. How does the utility protect the data against loss or misuse?

g. With whom does the utility share customer information and energy data currently? With whom does the utility reasonable foresee sharing data in the future? What does the utility anticipate is or will be the purpose for which the third party will use the data? What measures are or will be employed by the utility to protect the security and privacy of information shared with other entities? What limitations and restrictions will the utility place on third-part use and retention of data and on downstream sharing? How will the utility enforce those limitations and restrictions?

h. How do individuals have access to the data about themselves? and

i. What audit, oversight and enforcement mechanisms does the utility have in place to ensure that the utility is following their own rules?

16. It is reasonable to require the Smart Grid strategy component of the Smart Grid Deployment Plan to guide future investments and to show how a utility can achieve the goals set out in SB 17 and other statutes and policies, including those that promote increases in energy efficiency, the use of demand-side management and demand response, and those that seek to reduce greenhouse gas emissions.

17. It is reasonable to require the strategy section of the Smart Grid Deployment Plan to include an assessment as to whether current wireline and/or wireless communications infrastructure can plan a role in providing cost-effective data communications that the Smart Grid requires.

18. It is reasonable to require the strategy section of a Smart Grid Deployment Plan to consider how interoperability standards will be used and how the utility will minimize the risk of stranded costs in cases where consensus standards do not yet exist.

19. It is reasonable to require the strategy section of a Smart Grid Deployment Plan to assess how Smart Grid acquisitions can promote the goals of GO 156.

20. It is reasonable to require that the Grid Security and Cyber Security Strategy section of the Smart Grid Deployment Plans specify, for each applicable requirement in the guidance documents that NIST and DHS are developing, (1) what testing or analysis a utility has done (or relies on, if the testing or analysis was performed by another entity) to gauge their systems against the guidelines; (2) what results were obtained from this testing or analysis; and (3) what criteria were used to determine whether specific requirements are inapplicable.

21. It is reasonable to permit each utility to retain the detailed results of cyber security audits as long as the Commission has access to such detailed results as necessary.

22. It is reasonable to permit utilities to request that specific portions of deployment plan be filed under seal. Such requests must state the reason(s) for the request.

23. It is reasonable to require that the Grid Security and Cyber Security Strategy section of the Smart Grid Deployment Plan include a systematic risk assessment by both IOUs and their communications providers that addresses the prevention of, preparation for, protection against, mitigation of, response to, and recovery from security threats for the utilities' advanced metering infrastructure, distribution grid management, the communications networks used, and Smart Grid operations.

24. SB 17 places a special emphasis on security issues relating to customers.

25. It is reasonable to require that the Grid Security and Cyber Security Strategy section of the Smart Grid Deployment Plan address questions relating to the security of information pertaining to customers.

26. It is reasonable to require that the Smart Grid Roadmap section of the Smart Grid Deployment Plan provide the timetable for Smart Grid infrastructure investments.

27. It is reasonable to require that the Cost Estimates section of the Smart Grid Deployment Plan include cost estimates, even though these estimates are necessarily preliminary due to the rapidly changing technologies and costs involved with the Smart Grid.

28. It is reasonable to require that the Cost Estimates section of the Smart Grid Deployment Plan include 5-year estimates of costs.

29. It is reasonable to require that the Benefits Estimate section of the Smart Grid Deployment Plan be organized into three broad categories: (a) benefits of compliance with legal and regulatory goals and requirements; (b) other benefits that are difficulty to quantify or price, such as safety and environmental benefits; and (c) benefits that are simple to quantify and are sometimes called "business-case" benefits and environmental benefits that can be quantified and monetized.

30. It is reasonable to require Smart Grid Deployment Plans to include a section on Metrics that go beyond simple "build" measurements to assess how all SB 17 goals are met.

31. It is reasonable to order further workshops and to seek additional comments on the choice of Smart Grid metrics for inclusion in deployment plans.

32. It is reasonable to consider all utility Smart Grid Deployment Plans in a single proceeding.

33. There is insufficient record to permit a determination as to whether prohibiting utility investment beyond the meter is in the public interest. The Commission will re-examine this determination during the review of the Smart Grid Deployment Plans. A guiding policy principle that the Commission will use in making its decision will be to ensure that no utility is unfairly advantaged over any other company.

34. It is reasonable to determine the next steps in updating Smart Grid Deployment Plans during the proceeding to review the initial deployment plans.

35. It is reasonable to review proposed Smart Grid investments in either a General Rate Case or in an application, provided that the application is not filed before the filing of the utility's first Smart Grid Deployment Plan.

36. It is reasonable to require annual reports on the status of the Smart Grid commencing on October 1, 2012 that will provide the status of Smart Grid investments as of July 1 of the year in which the report is filed.

ORDER

IT IS ORDERED that:

1. Pacific Gas and Electric Company, Southern California Edison Company and San Diego Gas & Electric Company each shall file an application no later than July 1, 2011 submitting its Smart Grid Deployment Plan, consistent with Senate Bill 17 (Padilla), Chapter 327, Statutes of 2009, and the requirements in this decision. If a utility requests to submit any portion of its deployment plan under seal, it shall designate those portions with specificity and state the reason(s) for its request to file under seal. Each utility shall serve its application on the service lists for Rulemaking 08-12-009 and any open Long Term Procurement Plan proceedings. If the utility has a pending general rate case proceeding, it shall also serve its application on that proceeding's service list.

2. Pacific Gas and Electric Company, Southern California Edison Company and San Diego Gas & Electric Company each shall follow an eight-element format in its Smart Grid Deployment Plan as follows:

h. Metrics.

3. In the Smart Grid Vision Statement section of its Smart Grid Deployment Plan, Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall address how the grid can achieve the policies contained in Senate Bill 17, including:

a. Be self-healing and resilient;

b. Empower consumers to actively participate in the operations of the grid;

c. Resist attack;

d. Provide higher quality of power and avoid outages;

e. Accommodate all generation and energy storage options;

f. Enable electricity markets to flourish;

g. Run the grid more efficiently;

h. Enable penetration of intermittent power generation sources;

i. Create a platform for deployment of a wide range of energy technologies and management services;

j. Enable and support the sale of demand response, energy efficiency, distributed generation, and storage into wholesale energy markets as a resource, on equal footing with traditional generation resources; and

k. Significantly reduce the total environmental footprint of the current electric generation and delivery system in California.

Each Smart Grid Vision Statement must also include three sections addressing: (a) Smart Market; (b) Smart Customer; and (c) Smart Utility. Each section should also discuss how the Smart Grid will benefit customers and help meet environmental laws and policies contained in the Public Utilities Code.

4. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall include in its Smart Grid Deployment Plan an inventory of current Smart Grid infrastructure investments and a baseline assessment of privacy and security issues affecting the Smart Grid. Each plan must answer the following questions concerning the data of customers:

a. What data is the utility now collecting?

b. For what purpose is the data being collected?

c. With whom will the utility currently share the data?

d. How long will the utility currently keep the data?

e. What confidence does the utility have that the data will is accurate and reliable enough for the purposes for which the data will be used?

f. How does the utility protect the data against loss or misuse?

g. With whom does the utility share customer information and energy data currently? With whom does the utility reasonable foresee sharing data in the future? What does the utility anticipate is or will be the purpose for which the third party will use the data? What measures are or will be employed by the utility to protect the security and privacy of information shared with other entities? What limitations and restrictions will the utility place on third-part use and retention of data and on downstream sharing? How will the utility enforce those limitations and restrictions?

h. How do individuals have access to the data about themselves? and

i. What audit, oversight and enforcement mechanisms does the utility have in place to ensure that the utility is following its own rules?

5. Pacific Gas and Electric Company, Southern California Edison Company and San Diego Gas & Electric Company each shall include in its Smart Grid Deployment Plan a Smart Grid Strategy section that explains how the utility will ensure that its Smart Grid investments deliver benefits to its customers and how the utility will prioritize its technology evaluation and deployment efforts against the goals in Senate Bill 17 and promote the goals of General Order 156. In addition, the Smart Grid Strategy section must explain how the utility will evaluate whether using existing communications infrastructure can reduce the costs of deploying the Smart Grid. The Smart Grid Strategy section must also consider how interoperability standards will be used and how the utility will minimize the risk of stranded costs in cases where consensus standards are evolving.

6. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall describe and discuss its plans for adopting and developing interoperable architecture designed to protect the privacy of customer data.

7. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall include in its Smart Grid Deployment Plan a section on Grid Security and Cyber Security Strategy.

8. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall use, in the section on Grid Security and Cyber Security Strategy in its Smart Grid Deployment Plan, the guidance documents that the National Institute of Standards and Technology and the United States Department of Homeland Security have developed or are developing to promote cyber security. Specifically, cyber security sections must use the latest versions of the following three documents to guide their preparations:

a. Security Profile for Advanced Metering Infrastructure, v 1.0, Advanced Security Acceleration Project - Smart Grid, December 10, 2009;

b. Catalog of Control Systems Security: Recommendations for Standards Developers, United States Department of Homeland Security, National Cyber Security Division, September; and

c. United States Department of Homeland Security Cyber Security Procurement Language for Control Systems.

For each applicable requirement in the documents listed above, cyber security sections shall state (1) what testing or analysis has been performed (or will be performed or relied on if testing was performed by another entity) to gauge a system against the guidelines; (2) what results were obtained from this testing or analysis; and (3) what criteria were used to determine whether specific requirements are inapplicable.

9. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall include in the section on Grid Security and Cyber Security Strategy in its Smart Grid Deployment Plan a discussion of its security strategy and how it used National Institute of Standards and Technology guidance documents and best industry practices in developing its plan.

10. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall answer in the section on Grid Security and Cyber Security Strategy in its Smart Grid Deployment Plan the following questions concerning the security of customer information:

a. What types of information about customers are or will be collected via the smart meters, and what are the purposes of the information collection? Could the information collection be minimized without failing to meet the specified purposes?

b. Does the utility have or expect to have other types of devices, such as programmable communicating thermostats, which can collect information about customers? If so, what types of information are collected, and what are the purposes of the information collection? Could the information collection be minimized without interfering with the specified purposes?

c. What types of information, if any, does the utility plan to collect from the smart meter and Home Area Network gateway?

d. How frequently will the utility take readings from the smart meter? Is this frequency subject to change? Will customers control this frequency?

e. For each type of information identified above, for what purposes will the information be used? The purposes must be articulated with specificity, e.g., "targeted marketing" instead of "promoting energy efficiency."

f. For each type of information collected, for how long will the information be retained, and what is the purpose of the retention? Could the retention period be shortened without failing to meet the specified purpose?

g. With whom does the utility share customer information and energy data currently? With whom does the utility reasonable foresee sharing data in the future? What does the utility anticipate is or will be the purpose for which the third party will use the data? What measures are or will be employed by the utility to protect the security and privacy of information shared with other entities? What limitations and restrictions will the utility place on third-part use and retention of data and on downstream sharing? How will the utility enforce those limitations and restrictions?

h. What measures are or will be employed by the utility to protect the security of customer information?

i. Has the utility audited or will it audit its security and privacy practices, both internally and by independent outside entities? If so, how often will there be audits? What are the audit results to date, if any?

11. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall include in its Smart Grid Deployment Plan a Smart Grid Roadmap that projects the timing of the utility's Smart Grid investments and how they relate to state policy requirements.

12. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall include in the Cost Estimate section of its Smart Grid Deployment Plan estimated costs for the Smart Grid for the next five years.

13. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall include in the Benefit Estimate section an evaluation of Smart Grid benefits and a discussion of the extent to which the Smart Grid avoids the need for other investments.

14. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall seek approval of Smart Grid investments either through an application and/or through General Rate Cases.

15. Pacific Gas and Electric Company, Southern California Edison Company, and San Diego Gas & Electric Company each shall file an annual report in Rulemaking 08-12-009 on the status of Smart Grid investments commencing October 1, 2012 and annually thereafter through October 1, 2020. The filing of the annual reports will not reopen this proceeding after it is closed. Each annual report must cover Smart Grid investments up to July 1 of the year in which the report is filed, and must include the following:

a. A summary of the utility's deployment of Smart Grid technologies during the past year (July through June) and its progress toward meeting its Smart Grid Deployment Plan;

b. The costs and benefits of Smart Grid deployment to ratepayers during the past year, including a monetary estimate, to the extent possible, of the health and environmental benefits that may arise from the Smart Grid;

c. Current initiatives for Smart Grid deployments and investments;

d. Updates to the utility's security risk assessment and privacy threat assessment; and

e. The utility's compliance with North American Electric Reliability Corporation security rules and other security guidelines and standards as identified by the National Institute of Standards and Technology and adopted by the Federal Energy Regulatory Commission.

16. Rulemaking 08-12-009 remains open for further consideration of metrics to be used to assess progress toward the implementation of a Smart Grid, of matters pertaining to privacy and security, and other matters within the scope of this proceeding.

This order is effective today.

Dated June 24, 2010, at San Francisco, California

378 Available at: http://osgug.ucaiug.org/utilisec/amisec/Shared%20Documents/AMI%20Security%20Profile%20(ASAP-SG)/AMI%20Security%20Profile%20-%20v1_0.pdf.

Previous PageTop Of PageGo To First Page