Earlier this month, the North American Electric Reliability Corporation (NERC) submitted proposed changes to Reliability Standard CIP-003 to modify the cybersecurity protections required for low-impact BES Cyber Systems. In response to FERC’s directives in Order No. 882, the new CIP-003-7 Standard (i) clarifies electronic access control requirements, (ii) adds requirements related to the protection of transient electronic devices, and (iii) requires utilities to have documented cybersecurity policies related to declaring and responding to CIP Exceptional Circumstances for low-impact BES Cyber Systems. The key changes are as follows:

Electronic Access Control Requirements

Utilities will be required to implement electronic access controls to permit only necessary inbound and outbound access to low-impact BES Cyber Systems for certain communications, whether direct or indirect, using routable protocols. This resolves the dispute regarding the existence of Low-Impact External Routable Connectivity (LERC) from an asset with a low-impact BES Cyber System, and the need to implement a Low-Impact BES Cyber System Electronic Access Point (LEAP) for the control of communications into the asset. Under the proposed standard, the LERC and LEAP concepts are discarded, and instead utilities are required to implement certain electronic access controls for all routable connections into and out of assets with low-impact BES Cyber Systems, regardless of whether those connections are direct or indirect.

Protection of Transient Electronic Devices

Under the proposed standard, utilities are also required to implement plans to protect transient electronic devices (e.g., laptops) with the goal of mitigating the risk of malicious code being introduced to low-impact BES Cyber Systems by, for example, a relay technician testing protection systems in a substation. The requirements differentiate between transient cyber assets managed by a utility and those managed by third parties such as vendors and contractors.

CIP Exceptional Circumstances Policy

NERC is also proposing changes that would require utilities to have policies for declaring and responding to CIP Exceptional Circumstances related to low-impact BES Cyber Systems. A CIP Exceptional Circumstance includes, among other situations, a risk of injury or death; natural disasters; civil unrest; imminent or existing hardware, software, or equipment failures; and cybersecurity incidents requiring emergency assistance. During a CIP Exception Circumstance, certain CIP requirements can be waived.

These revisions are the result of a lengthy stakeholder development process, and ultimately received strong support from the industry in stakeholder voting. The revisions also close the gaps in the CIP-003 Reliability Standard identified by FERC. As a result, the revised standard is likely to be approved by FERC. However, to the extent utilities have concerns over the substance or clarity of the proposed language, the upcoming notice and comment process at FERC will provide the last good opportunity to receive binding guidance from the Commission or challenge the language in the new standard.

The North American Electric Reliability Corporation (NERC) recently submitted two proposed Reliability Standards to improve the real-time data exchange capabilities of Reliability Coordinators, Transmission Operators, and Balancing Authorities. The modified Reliability Standards (IRO-002-5 and TOP-001-4) add new obligations requiring Reliability Coordinators, Transmission Operators, and Balancing Authorities to have real-time data exchange capabilities with redundant and diversely routed data exchange infrastructure within their primary control centers. These entities would also be required to test their redundant functionality at least every 90 days. 

On February 17, 2017, California Senate President pro Tempore Kevin de León (D-Los Angeles) proposed legislation (SB 584) that would require California to generate 100% of its electricity from renewable sources by 2045. The bill also would require California to reach an interim goal of 50% renewable by the end of 2025, accelerating the 50%-by-2030 mandate currently in place. If approved, SB 584 would match Hawaii’s renewable portfolio standard (RPS), which is currently the most aggressive RPS in the United States.

Read the full LawFlash on our website.

On February 24, 2017, US President Donald Trump issued an executive order on regulatory reform, directing federal agencies to take steps to strengthen their implementation of various executive orders from the Trump, Obama, and Clinton administrations intended to reduce the burden of federal regulations on business.

Under the new Executive Order on Enforcing the Regulatory Reform Agenda, each agency is directed to appoint a Regulatory Reform Officer to chair a Regulatory Reform Task Force to implement the executive order at the agency. The task force is charged with identifying those regulations that reduce employment; are “outdated, unnecessary, or ineffective”; have costs exceeding their benefits; interfere with regulatory reform efforts; rely on information that is not transparent or publicly available; or implement rescinded or substantially modified prior executive directives. Once those regulations are identified, an agency’s Regulatory Reform Task Force will recommend whether the regulations should be repealed, replaced, or modified. The new executive order also directs that agencies prioritize those regulations flagged as “outdated, unnecessary, or ineffective” when implementing the regulatory offsets required by an earlier White House directive (Executive Order 13771), which, among other things, directed agencies to repeal two existing regulations for each new regulation.

At its last open meeting on Jan. 19, 2017, the Federal Energy Regulatory Commission (FERC) issued a policy statement that serves to reaffirm FERC’s efforts to encourage the development of electric storage resources. Of all the publications from FERC so far in calendar year 2017, this policy statement is one of the most important for entities in the electric power sector.

Read the full article.

Energy partner Ken Kulak recently participated in an Energy Policy Now podcast produced by the Kleinman Center for Energy Policy at the University of Pennsylvania. During the podcast, Ken discussed the Federal Energy Regulatory Commission’s (FERC’s) Notice of Proposed Rulemaking (NOPR) on electric storage, highlighting several issues raised in the NOPR regarding the development of “participation models” for electric storage and distributed energy resources in organized electricity markets. Comments to the FERC NOPR are due by February 13, 2017.

Energy companies that offer group health plans to their employees should check on the plan’s administration to minimize any litigation risk associated with inadequate compliance with the Consolidated Omnibus Budget Reconciliation Act (COBRA) continuation coverage requirements. Four companies have recently been accused of failing to provide COBRA notices to participants in their group health plans.

To learn more, read COBRA: Back to Basics published on our ML BeneBits blog.

Morgan Lewis’s energy team has been named as a Law360 Practice Group of the Year for 2016. The Morgan Lewis team was one of only four chosen from a group of practices at more than 600 firms considered for the distinction. This is the second time in the seven-year history of the contest that the firm’s energy team has earned the national recognition.

Law360’s annual Practice Group of the Year series honors law firm practices that have played an integral role in the year's most significant litigation victories or deals, based on the size, complexity, and importance of the cases. Morgan Lewis’s energy team is one of the few that handled landmark transactions, litigation, and regulatory proceedings in 2016 on behalf of industry leaders across the nuclear, electric, oil and gas, and renewables sectors.

The team will be profiled by Law360 on January 24.

FERC claims that the change in the nation’s generation mix and increase in interconnection requests necessitate reforms to improve the efficiency and transparency of the interconnection process.

A recent Law360 (Energy) article written by Morgan Lewis energy partners Levi McAllister, Dan Skees, and Kirstin Gibbs covers FERC’s recent Notice of Inquiry (NOI) that represents the first step in changes to the treatment of income taxes for ratemaking and cost recovery purposes. 

The outcome of the NOI will likely affect all oil and gas pipelines and electric utilities organized as pass-through entities and charging cost-of-service rates.

Read the full article.