Texas RCRA for Energy and Utilities Sector

 

The Resource Conservation and Recovery Act (RCRA) in Texas has specific requirements for energy and utility companies that generate, transport, treat, store, or dispose of hazardous waste. While RCRA is a federal program, Texas has received authorization from the EPA to implement its own program, which is administered by the Texas Commission on Environmental Quality (TCEQ).

 

Key Texas-Specific RCRA Requirements for Energy/Utilities

 

• Texas Waste Code System: Texas uses additional waste codes beyond the federal codes. Energy companies must use Texas Waste Codes (TWCs) alongside federal waste codes when classifying hazardous waste.
• Class 1, 2, and 3 Industrial Waste Classification: Texas classifies non-hazardous industrial waste into three categories that don't exist in the federal RCRA program. Utilities must properly classify their non-hazardous waste according to these Texas-specific standards.
• STEERS Electronic Reporting: Energy and utility companies must submit waste reports through the State of Texas Environmental Electronic Reporting System (STEERS), which has specific cybersecurity requirements for data protection.
• The Texas Risk Reduction Program (TRRP) establishes specific remediation standards for contaminated sites that differ from federal standards.

 

Cybersecurity Requirements for RCRA Compliance in Texas Energy Sector

 

• Electronic Manifesting: Energy companies using the e-Manifest system must implement specific cybersecurity controls to protect the integrity and confidentiality of waste shipment data.
• STEERS Security Requirements: To submit required reports, companies must implement:
  • Strong authentication protocols (multi-factor authentication)
  • Encrypted data transmission
  • Secure credential management
  • Regular security assessments of reporting systems
• Critical Infrastructure Protection: Power plants and utilities classified as critical infrastructure must implement enhanced cybersecurity measures for their RCRA compliance systems to prevent unauthorized access to waste management data.
• Texas-Specific Data Retention: TCEQ requires longer data retention periods than federal RCRA for certain waste records (5 years minimum), requiring secure, tamper-proof storage solutions.

 

Common RCRA Hazardous Wastes in Texas Energy/Utilities

 

• Coal Combustion Residuals (CCR): Texas has specific regulations for coal ash management that require detailed electronic reporting and monitoring with data security provisions.
• Oil and Gas Exploration Wastes: While many are exempt from federal RCRA, Texas regulates these through the Railroad Commission of Texas (RRC) with specific electronic recordkeeping requirements.
• PCB-contaminated Transformer Oil: Electric utilities must maintain secure electronic records of PCB waste tracking that comply with both TCEQ and Texas cybersecurity standards.
• Mercury-containing Equipment: Power plants must maintain secure digital inventories of mercury waste with specific cybersecurity controls to prevent unauthorized access.

 

Cybersecurity Risks in Texas RCRA Compliance

 

• Data Breach Risks: Unauthorized access to waste manifest data could expose sensitive information about hazardous materials locations and quantities, creating security vulnerabilities at energy facilities.
• Reporting System Compromise: Attacks on STEERS reporting infrastructure could result in:
  • Inaccurate waste reporting
  • Compliance failures
  • Potential fines from TCEQ
  • Disruption of waste handling operations
• Texas Grid Integration Concerns: Because ERCOT (Electric Reliability Council of Texas) operates independently from other U.S. power grids, RCRA waste management systems must be specially secured against threats that could impact grid stability.
• Supply Chain Vulnerabilities: Texas energy companies must verify the cybersecurity of waste transportation tracking systems to ensure continuity of operations.

 

Cybersecurity Best Practices for Texas RCRA Compliance

 

• Implement Access Controls: Restrict access to RCRA data systems based on job responsibilities. Only authorized personnel should be able to input, modify, or view waste management data.
• Regular Security Audits: Conduct periodic assessments of all systems used for RCRA compliance, with special attention to Texas-specific reporting requirements.
• Secure Data Backup: Maintain encrypted backups of all RCRA documentation to meet Texas's extended retention requirements while ensuring data integrity.
• Incident Response Planning: Develop specific procedures for responding to cybersecurity incidents that affect RCRA compliance systems, including notification protocols for TCEQ.
• Staff Training: Ensure all personnel handling RCRA data understand both the regulatory requirements and cybersecurity best practices specific to Texas energy operations.

 

Texas-Specific RCRA Enforcement and Penalties

 

• Enhanced Penalties: Texas can impose state penalties (up to $25,000 per day per violation) in addition to federal penalties for RCRA violations, including those related to data security breaches.
• Compliance History Classification: TCEQ maintains a Texas-specific compliance history database that affects enforcement actions. Security breaches affecting RCRA data can negatively impact a facility's compliance rating.
• Supplemental Environmental Projects (SEPs): In lieu of penalties, Texas allows violators to implement SEPs, which may include enhanced environmental data security measures.

 

Getting Help with Texas RCRA Cybersecurity

 

• TCEQ Small Business and Local Government Assistance Program: Provides confidential help with RCRA compliance including secure electronic reporting.
• Texas Environmental Electronic Reporting Help Desk: Offers assistance with secure STEERS implementation and troubleshooting.
• Regional TCEQ Offices: Can provide guidance on region-specific RCRA requirements and cybersecurity best practices for waste management.