SENATE, No. 647






      The Senate Budget and Appropriations Committee reports favorably Senate Bill No. 647 SCS.

      This bill revises the cybersecurity, asset management, and related reporting requirements in the “Water Quality Accountability Act” (WQAA), and requires the Department of Environmental Protection (DEP) and the Board of Public Utilities (BPU) to adopt rules implementing the WQAA.

      The WQAA currently requires water purveyors to develop cybersecurity programs.  The bill requires water purveyors to update their cybersecurity programs to meet new requirements within 120 days after its effective date.  These new requirements include updating cybersecurity programs to apply to all of the public water system’s industrial control systems, reasonably conforming these programs to the most recent version of certain industry-recognized cybersecurity frameworks, and annually certifying compliance with these requirements.  The bill also requires water purveyors, beginning 90 days after its effective date, to immediately report to the New Jersey Cybersecurity and Communications Integration Cell certain cybersecurity incidents.  The bill also deletes the exemption for water purveyors that do not have an internet-connected control system.

      The WQAA currently requires water purveyors, as part of their asset management plans, to develop a water main renewal program designed to achieve a 150-year replacement cycle, or other appropriate replacement cycle as determined by a detailed engineering analysis.  The bill specifies that water main renewal programs have to be designed to achieve a 150-year or shorter replacement cycle.  Additionally, the bill requires each water purveyor, within one year after its effective date and every three years thereafter, to submit to the DEP a more detailed report based on its asset management plan.  The report is to identify: (1) the infrastructure improvements completed in the past three years and the cost of those improvements; (2) the infrastructure improvements planned to be undertaken in the next three years and the estimated cost of those improvements; and (3) the infrastructure improvements that will be required over the next 10 years and the estimated cost of those improvements.  The bill also requires a water purveyor to provide, upon request, a copy of its asset management plan to the DEP, the BPU, or the Division of Local Government Services in the Department of Community Affairs.

      The bill further requires water purveyors, within 18 months after its effective date, to revise their asset management plans to include: (1) a comprehensive inventory, mapping, and condition assessment of the public water system’s assets; (2) level of service goals for the public water system; (3) a priority order in which the public water system’s assets will be repaired or replaced as part of the water purveyor’s asset management plan; (4) the life cycle costs of the public water system’s assets; and (5) a long-term funding strategy to implement the water purveyor’s asset management plan.  Additionally, water purveyors are required to post the annual certification, required by the WQAA, t on their Internet websites, if applicable.

      Under the WQAA, the DEP is currently permitted, but not required, to adopt rules implementing the WQAA.  The bill requires the DEP and the BPU to adopt such rules as are necessary to carry out the WQAA.  In addition to this general directive to adopt rules, the bill specifically requires the DEP to adopt rules implementing certain new asset management plan requirements and establishing a schedule of civil penalties for violations of the WQAA, and clarifies that the BPU is to adopt its water purveyor cybersecurity program requirements as rules.

      The bill also requires the DEP, within one year after its effective date and annually thereafter, to develop and publish on its Internet website a report card for each water purveyor in the State, indicating the water purveyor’s compliance with federal and State drinking water quality standards, its compliance with the requirements of the WQAA, and any other factors the DEP deems appropriate.  The report card is to be designed to inform the public about the overall condition of a public water system, and the quality of water coming from the public water system.

      Additionally, the bill requires the DEP, within 18 months after its effective date and every three years thereafter, to conduct an assessment of certain data submitted by water purveyors under the WQAA.  The assessment is to include, but need not be limited to, an analysis of the total, Statewide estimated cost of infrastructure improvements to water purveyors required over the next 10 years.  The report is also to include an assessment of the compliance of public water systems with the requirements of the WQAA.  The department is to submit a report containing the results of each such assessment to the Governor and the Legislature.



      The Office of Legislative Services (OLS) determines that this bill will lead to an indeterminate annual expenditure increase for publicly-owned water purveyors, including State entities, certain municipalities, and municipal and regional water authorities. The OLS cannot quantify this increase due to the unavailability of information about the extent of water purveyors' existing cybersecurity programs and asset management plans.

      The OLS finds that the bill would also result in indeterminate annual State expenditure increases by imposing additional administrative tasks on the DEP, the BPU, and the Office of Homeland Security and Preparedness.  For example, the bill requires both DEP and BPU to adopt rules to implement the WQAA and to review more complicated asset management and cybersecurity plans from water purveyors.  It is possible, however, that these additional administrative responsibilities could be absorbed within departmental budgets using existing staff.