Choose Site
FERC, CFTC, and State Energy Law Developments
American national security officials believe that spies working on behalf of an adversarial nation-state successfully carried out an attack against US companies by compromising a key hardware supply chain, according to a report issued October 4 by Bloomberg Businessweek.
The Federal Energy Regulatory Commission (FERC or the Commission) issued Order No. 848 on July 19, directing the North American Electric Reliability Corporation (NERC) to augment the cyber incident reporting requirements under the Critical Infrastructure Protection (CIP) reliability standards.
Officials at the US Department of Homeland Security (DHS) confirmed yesterday to The Wall Street Journal that state-sponsored hackers successfully gained remote access to the control rooms of US electric utilities and likely had the ability to disrupt power flows.
On July 19, the Federal Energy Regulatory Commission (FERC) approved most of the revisions proposed by a North American Electric Reliability Corporation (NERC) petition to revise NERC’s rules of procedure (ROP) on operator certification, but rejected certain key changes. FERC concluded that NERC’s proposal to remove those provisions would strip substantive rules from the ROP and move them to NERC manuals, thus defeating the efficacy of FERC review because the ROP is subject to FERC review and approval but NERC manuals are not.
The Commissioners of the Federal Energy Regulatory Commission (FERC or the Commission) testified on June 12 at an oversight hearing before the Senate Committee on Energy and Natural Resources.
The Nuclear Regulatory Commission (NRC) and the Federal Energy Regulatory Commission (FERC) entered into a Memorandum of Understanding (MOU) on June 6 regarding the care and protection of critical energy/electric infrastructure information (CEII).
The commissioners from the Federal Energy Regulatory Commission (FERC) and the Nuclear Regulatory Commission (NRC) held a joint meeting on June 7 to discuss grid reliability and cybersecurity. FERC and NRC staff provided presentations on the recent and ongoing activities of both agencies to promote a stable, resilient, and secure grid.
The White House announced late last week that President Donald Trump has directed Energy Secretary Rick Perry to “prepare immediate steps to stop the loss” of “fuel-secure power facilities,” noting that near-term retirements of these facilities could lead to “a rapid depletion of a critical part of our nation’s energy mix, and impact the resilience of our power grid.”

On the heels of the news reports describing cyberattacks on the energy sector that have continued to accumulate over the last few years, the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a technical alert on March 15 describing ongoing attacks on critical infrastructure by hackers associated with the Russian government. 

The North American Electric Reliability Corporation (NERC) filed a Notice of Penalty summarizing an agreement by an unidentified electric utility to pay a $2.7 million penalty in connection with self-reported violations of the Critical Infrastructure Protection reliability standards related to sensitive data exposure by a vendor.