FERC, CFTC, and State Energy Law Developments

The New Jersey Board of Public Utilities (BPU) recently released its first annual report on the development of offshore wind in New Jersey (the Report). The Report comes one year after Governor Phil Murphy released Executive Order No. 8, which directed the BPU and other agencies to implement the Offshore Wind Economic Development Act (OWEDA).

The New Jersey Board of Public Utilities (BPU) approved the nation’s largest single-state offshore wind solicitation in the United States on September 17, 2018, with an Order opening up an application window for the solicitation of 1,100 megawatts (MW) of offshore wind capacity. Stakeholders anticipate additional procurements in light of the BPU’s announcement that it intends to solicit an additional 2,400 MW, in two tranches of 1,200 MW, by 2022.

The first application window closed on December 28, 2018. Three applications were submitted to the BPU. Successful applicants in the current procurement will receive state subsidies in the form of Offshore Wind Renewable Energy Credits (ORECs). To be eligible for BPU approval, applicants will need to demonstrate that, among other things, their project (i) will have a positive net in-state economic and environmental benefit; (ii) will have a “reasonable ratepayer impact;” and (iii) is likely to be constructed on time and on budget.

The US Government Accountability Office (GAO) issued a report on December 18, 2018, identifying significant weaknesses in the Department of Homeland Security’s (DHS) Transportation Security Administration’s (TSA) Pipeline Security Program management and recommending improvements to address those weaknesses. The report was driven by a recognition that “pipelines increasingly rely on sophisticated networked computerized systems and electronic data, which are vulnerable to cyber attack or intrusion,” and that “new threats to the nation’s pipeline systems have evolved to include sabotage by environmental activists and cyber attack or intrusion by nations.”

In a narrow 50-49 vote, the US Senate on December 6 confirmed Bernard L. McNamee, the current head of the US Department of Energy’s Office of Policy, to join the Federal Energy Regulatory Commission. Mr. McNamee, the third Republican on the five-member Commission, was nominated by President Donald Trump in October to fill the vacant seat formerly occupied by former Commissioner Robert Powelson, who stepped down earlier this year. Once Mr. McNamee is sworn in, the Commission will return to full strength, with two Democratic and three Republican appointees.

The Senate Energy and Natural Resources Committee on November 15 favorably advanced the nominations of Dr. Rita Baranwal (Assistant Secretary of Energy (Nuclear Energy)) and Bernard McNamee (Member, Federal Energy Regulatory Commission) to the full US Senate.

Eighteen governors, members of the Governors’ Wind & Solar Energy Coalition, issued an open letter on November 9 to the Federal Energy Regulatory Commission (FERC) to encourage the development of needed electric transmission that they claim existing federal efforts are insufficient to address.

The Federal Energy Regulatory Commission (FERC or the Commission) Office of Enforcement (OE) issued its 2018 Report on Enforcement on November 15. The report provides a review of OE’s activities during fiscal year 2018 (FY 2018), which begins October 1 and ends September 30 annually. Like last year, the report reveals likely areas of focus for FERC enforcement in the coming year, and provides guidance to the industry based on the wide variety of enforcement matters that are otherwise non-public by synthesizing some of the more disparate developments from audits, market surveillance, and other enforcement activities for the benefit of industry stakeholders.

On October 18, the Federal Energy Regulatory Commission (FERC or Commission) issued Order No. 850, adopting a suite of reliability standards proposed by the North American Electric Reliability Corporation (NERC) to address the cybersecurity risks posed by supply chains for industrial control system assets and services in critical electric utility environments. The final rule largely adopts the proposals from the Commission’s Notice of Proposed Rulemaking (NOPR). But the Commission also directs NERC to expand the scope of the new requirements to include Electronic Access or Control Monitoring Systems (EACMS) and to evaluate the need to further expand the scope of the requirements to include Physical Access Control Systems (PACS) and Protected Cyber Assets (PCAs).

Despite fears that the Commission would shorten the implementation period for the new requirements, the Commission adopted the 18-month implementation period that was originally proposed by NERC.

American national security officials believe that spies working on behalf of an adversarial nation-state successfully carried out an attack against US companies by compromising a key hardware supply chain, according to a report issued October 4 by Bloomberg Businessweek. The report details how the attackers implemented a “seeding” attack by installing tiny, malicious microchips on motherboards—a type of computer circuit board that houses processing and other essential components—that were assembled in Chinese factories. The exploit apparently had a ripple effect, as the compromised motherboards were ultimately installed in commercial servers that are widely distributed in the United States. One official estimates that the attack affected almost 30 companies, including a major bank and government contractors, and may have enabled the attackers to communicate with or infiltrate the sabotaged servers.

The North American Electric Reliability Corporation (NERC) on September 18 requested Federal Energy Regulatory Commission (FERC) approval of a new Critical Infrastructure Protection (CIP) Reliability Standard, CIP-012-1. The proposed standard would require electric utilities with defined “Control Centers” to implement controls that protect sensitive data communicated between any applicable control centers. Driving the standard is a concern that these control centers can only perform their real-time reliability functions if they can receive and transmit sensitive operational data in a secure manner.