At its June 18 open meeting, FERC issued a notice of inquiry seeking public input on cybersecurity-related enhancements to the Critical Infrastructure Protection (CIP) reliability standards. In light of the constantly evolving nature of cybersecurity threats to the bulk power system, FERC is interested in determining whether the current CIP standards adequately address specific cyberrisk areas related to data security and cybersecurity incident detection, containment, and mitigation. In addition, FERC is seeking comment on the potential risk of a coordinated cyberattack on geographically distributed targets.
Following the declaration of a global pandemic due to the widespread transmission of the coronavirus (COVID-19), the issuance of shutdown and/or stay-at-home directives cascaded from commercial enterprises and state and local governments across the United States. During this period of extreme disruption to daily routine, the continuity and integrity of energy operations were necessary to ensure that the massive shift to home-based life could exist with minimal business disruption. Front- and back-office personnel engaged in trading energy commodities quickly transitioned to a work-from-home (WFH) posture, ensuring that their firms could preserve market access for production or output while also consummating the transactions needed to procure an adequate fuel source, managing price exposure to highly volatile commodity prices, or executing preexisting trading strategies.
The Federal Energy Regulatory Commission (FERC) issued a notice on May 20 that it will convene a Commissioner-led technical conference to consider the ongoing, serious impacts that the emergency conditions caused by the coronavirus (COVID-19) pandemic are having on the energy industry. The conference will be free, open to the public, and held remotely on Wednesday and Thursday, July 8-9, 2020. Attendees may preregister online here.
In mid-March the Commission began issuing guidance to address the immediate needs of FERC-jurisdictional entities, including various waivers and extensions necessary to assist energy companies with managing their regulatory responsibilities while dealing with the pandemic. The conference will be more forward-looking, and is expected to focus on the potential longer-term impacts from the pandemic on energy companies, energy markets, energy system reliability, and consumer protection.
In response to President Donald Trump’s declaration of a national emergency due to the coronavirus (COVID-19) pandemic, the Pipeline Hazardous Materials Safety Administration (PHMSA) issued a notice that it does not intend to take enforcement action related to certain new gas pipeline safety regulations with which gas pipeline operators must comply by July 1, 2020.
PHMSA stated that it will resume its normal enforcement processes and sanctions after December 31, 2020, but retains the discretion to enforce the July 1, 2020 compliance deadlines in the event of a significant safety issue or if otherwise warranted. Similar to PHMSA’s prior notice of enforcement discretion (which we discussed in our March 27 posting), this notice recognizes that gas pipeline operators may be facing personnel resource constraints due to the COVID-19 pandemic.
The Commodity Futures Trading Commission (CFTC) indicated on April 24 that it is conducting a review of the $40-per-barrel plunge in the WTI crude price that occurred on April 20. The CFTC stated that it is conducting the review to understand why the pricing happened, to ensure that the market functioned properly, and to rule out foul play.
As market participants are no doubt aware, the WTI May contract ultimately settled at negative $37.63 at the close of April 20. That price occurred just the day before the May contract expiry, which reflects the market realization that traders holding long May futures positions must either be prepared to take delivery of the physical WTI following expiry and settlement or find a buying counterparty through which the long position could be liquidated. Given the ongoing international production dispute, the collapse of domestic demand, and the tight storage market at Cushing, Oklahoma (and elsewhere), the inability to take delivery seemingly prompted the historic price crash.
President Donald Trump signed an executive order on May 1 declaring that the use of bulk-power system equipment supplied by companies controlled by certain foreign nations poses an extraordinary threat to the US power grid. The order observes that the bulk-power system is a valuable target for malicious actors, and any attack on that system could pose serious risks to the economy, public health and safety, and national security.
In light of those risks, the executive order declares a national emergency with respect to the power grid and moves to ban the unrestricted import or use of bulk-power system electric equipment from foreign adversaries. Although the order calls for coordination among multiple executive branch heads, including the Director of National Intelligence and the Secretary of Homeland Security, it primarily tasks the Secretary of Energy with fulfilling the President’s directives.
In an order issued on April 17, the Federal Energy Regulatory Commission (FERC) agreed to defer implementation of certain cybersecurity and operational reliability standards administered by the North American Electric Reliability Corporation (NERC) that had important compliance milestones later this year, including the suite of supply chain risk management standards that have been under development for several years and were set to take effect on July 1. The move by FERC is intended to provide some measure of relief from impending compliance burdens and to allow electric utilities to focus their resources on responding to the coronavirus (COVID-19) pandemic.
Read our recent LawFlash discussing the Federal Energy Regulatory Commission’s (FERC) plan to assist regulated entities in managing enforcement- and compliance- related burdens during the ongoing coronavirus (COVID-19) pandemic, particularly FERC plan to exercise prosecutorial discretion regarding events arising during the pandemic.
Commission Chairman Neil Chatterjee held a press conference on March 19 to discuss FERC’s work during the current pandemic, provide updates regarding the coronavirus (COVID-19), and respond to questions from the media. According to today’s announcements, FERC plans to keep operating as usual but will provide extensive flexibility to the regulated industry in addressing the effects of the pandemic on FERC-jurisdictional activities.
FERC and NERC issued a joint notice on Wednesday providing compliance flexibility on certain key reliability standard requirements during the ongoing coronavirus (COVID-19) pandemic. Although this guidance can allow utilities to avoid findings of noncompliance for certain requirements where timely compliance activities could be difficult due to personnel shortages and other limitations, this is not a blanket waiver. Instead, utilities must provide written notices of their intent to use this guidance. The content of those notices must be drafted carefully as they will be necessary to demonstrate compliance in future reviews.
The new flexibility is as follows:
- Due to the limited availability of NERC-certified operators, if a utility cannot provide sufficient certified operators to comply with PER-003 due to COVID-19, the use of noncertified operators is permitted through the end of 2020. In order to take advantage of this flexibility, utilities will need to notify their Regional Entities and Reliability Coordinators (ISO-NE and NYISO). Training requirements, such as those in PER-005, continue to apply.
- Because of the resource limitations during this time period, periodic actions required by the reliability standards that must occur between March 1, 2020, and July 31, 2020, can be missed on a case-by-case basis if the activities cannot be performed due to COVID-19. To use this flexibility, utilities will need to notify their regional entities of the specific actions that will be missed. These periodic requirements exist in both the Operating & Planning standards (such as protection system maintenance and testing) and the Critical Infrastructure Protection standards (such as patching and vulnerability assessments).