FERC, CFTC, and State Energy Law Developments

Putting aside the climate change politics swirling around US President Donald Trump’s recent executive order on “Promoting Energy Independence and Economic Growth,” what does the order mean for the nation’s electric generation portfolio? Can the gradual decline in the role of coal-fired generation be reversed?

The executive order, released on March 28, 2017, calls for increased domestic energy production from coal, natural gas, nuclear material, and other domestic sources, explicitly balancing the need to “promote clean and safe development” of energy resources with “avoiding regulatory burdens that unnecessarily encumber energy production, constrain economic growth, and prevent job creation.” In addition to revoking various Obama-era executive orders on climate change and carbon emissions and rescinding various reports issued by federal agencies on these topics, the executive order also directs the Environmental Protection Agency (EPA) to review the Clean Power Plan in the context of the domestic production policy adopted in the executive order and to, “as soon as practicable, suspend, revise, or rescind” the rule.  

Earlier this month, the North American Electric Reliability Corporation (NERC) submitted proposed changes to Reliability Standard CIP-003 to modify the cybersecurity protections required for low-impact BES Cyber Systems. In response to FERC’s directives in Order No. 882, the new CIP-003-7 Standard (i) clarifies electronic access control requirements, (ii) adds requirements related to the protection of transient electronic devices, and (iii) requires utilities to have documented cybersecurity policies related to declaring and responding to CIP Exceptional Circumstances for low-impact BES Cyber Systems. The key changes are as follows:

Electronic Access Control Requirements

Utilities will be required to implement electronic access controls to permit only necessary inbound and outbound access to low-impact BES Cyber Systems for certain communications, whether direct or indirect, using routable protocols. This resolves the dispute regarding the existence of Low-Impact External Routable Connectivity (LERC) from an asset with a low-impact BES Cyber System, and the need to implement a Low-Impact BES Cyber System Electronic Access Point (LEAP) for the control of communications into the asset. Under the proposed standard, the LERC and LEAP concepts are discarded, and instead utilities are required to implement certain electronic access controls for all routable connections into and out of assets with low-impact BES Cyber Systems, regardless of whether those connections are direct or indirect.

Protection of Transient Electronic Devices

Under the proposed standard, utilities are also required to implement plans to protect transient electronic devices (e.g., laptops) with the goal of mitigating the risk of malicious code being introduced to low-impact BES Cyber Systems by, for example, a relay technician testing protection systems in a substation. The requirements differentiate between transient cyber assets managed by a utility and those managed by third parties such as vendors and contractors.

CIP Exceptional Circumstances Policy

NERC is also proposing changes that would require utilities to have policies for declaring and responding to CIP Exceptional Circumstances related to low-impact BES Cyber Systems. A CIP Exceptional Circumstance includes, among other situations, a risk of injury or death; natural disasters; civil unrest; imminent or existing hardware, software, or equipment failures; and cybersecurity incidents requiring emergency assistance. During a CIP Exceptional Circumstance, certain CIP requirements can be waived.

These revisions are the result of a lengthy stakeholder development process, and ultimately received strong support from the industry in stakeholder voting. The revisions also close the gaps in the CIP-003 Reliability Standard identified by FERC. As a result, the revised standard is likely to be approved by FERC. However, to the extent utilities have concerns over the substance or clarity of the proposed language, the upcoming notice and comment process at FERC will provide the last good opportunity to receive binding guidance from the Commission or challenge the language in the new standard.

The North American Electric Reliability Corporation (NERC) recently submitted two proposed Reliability Standards to improve the real-time data exchange capabilities of Reliability Coordinators, Transmission Operators, and Balancing Authorities. The modified Reliability Standards (IRO-002-5 and TOP-001-4) add new obligations requiring Reliability Coordinators, Transmission Operators, and Balancing Authorities to have real-time data exchange capabilities with redundant and diversely routed data exchange infrastructure within their primary control centers. These entities would also be required to test their redundant functionality at least every 90 days. 

At its last open meeting on Jan. 19, 2017, the Federal Energy Regulatory Commission (FERC) issued a policy statement that serves to reaffirm FERC’s efforts to encourage the development of electric storage resources. Of all the publications from FERC so far in calendar year 2017, this policy statement is one of the most important for entities in the electric power sector.

Energy partner Ken Kulak recently participated in an Energy Policy Now podcast produced by the Kleinman Center for Energy Policy at the University of Pennsylvania. During the podcast, Ken discussed the Federal Energy Regulatory Commission’s (FERC’s) Notice of Proposed Rulemaking (NOPR) on electric storage, highlighting several issues raised in the NOPR regarding the development of “participation models” for electric storage and distributed energy resources in organized electricity markets. Comments to the FERC NOPR are due by February 13, 2017.

The White House’s newly released National Electric Grid Security and Resilience Action Plan contains dozens of directives to various federal agencies for enhancing the electric grid’s resilience in the face of cyber threats, physical attacks, and natural disasters. Many of the directives build on different programs that federal agencies already run, but for the first time, this action plan synthesizes those disparate initiatives and focuses them on three goals: protecting the grid’s vulnerabilities, improving responses to contingencies, and building a more resilient system.

Notably, the action plan realizes that many of these directives can only be achieved with public utilities’ participation and that cost recovery of investments for grid resiliency is essential if the government expects significant private investment to address the existing system vulnerabilities.

Read the full LawFlash: White House Releases Checklist to Improve Grid Resiliency.

This week, FERC submitted its annual financial report to the US Congress. Although part of the regular slate of voluminous reports sent up to Capitol Hill each year, FERC’s report often includes certain nuggets of information useful to the regulated community.

Buried in the report this year was a reminder that FERC—for the first time—has adjusted the civil monetary penalties that it may administer in response to violations of its rules.

As of July 16, 2016, the following civil monetary penalties apply:

  • $1,193,970 per violation, per day for violations of any provision of Part II of the Federal Power Act (FPA) or FERC’s regulations and orders thereunder, including the electric market manipulation provisions of the FPA and mandatory reliability standards.
  • $1,193,970 per violation, per day for violations of the Natural Gas Act or FERC’s implementing regulations and orders thereunder, including the natural gas market manipulation provisions.
  • $1,193,970 per violation, per day for violations of the Natural Gas Policy Act or FERC’s implementing regulations and orders thereunder.

FERC’s various organic statutes contain a variety of other miscellaneous civil penalty provisions as well, all of which were raised.

These adjustments were formally implemented through Order No. 826 in response to the Federal Civil Penalties Inflation Adjustment Act of 2015 and were the first modifications to the significant civil penalty authority given to FERC in the Energy Policy Act of 2005. Under the law, FERC will be required to update its monetary penalty amounts every January 15.

On December 7, the Energy Bar Association sponsored a discussion on FERC-led audits of entities’ compliance with the North American Electric Reliability Corporation’s (NERC’s) critical infrastructure protection (CIP) Reliability Standards. Staff members from FERC and NERC led the discussion and fielded questions from industry participants. This session provided the first public peek into the process for the CIP audits.

While FERC has the authority to conduct its CIP audits with or without NERC and the regional entities charged with front-line enforcement of the Reliability Standards, the panelists explained that FERC wanted to coordinate with NERC and the regional entities to leverage their collective compliance and enforcement experience.

On November 17, FERC adopted regulations to enhance the protection of Critical Energy Infrastructure Information (CEII) using its new statutory authority from the Fixing America’s Surface Transportation Act (FAST Act), which added Section 215A to the Federal Power Act.

In addition to finalizing the new protections for CEII promised in the initial notice of proposed rulemaking, the final rule also adopts a prohibition on the disclosure of CEII under the Freedom of Information Act (FOIA). The FAST Act had, for the first time, exempted CEII from FOIA disclosure. In the past, FERC had taken the position that it would not disclose CEII in response to FOIA requests, but there was no explicit statutory basis for doing so. With the new statute and implementing regulations, there is no longer any legal doubt regarding the FOIA-exempt nature of CEII.

Despite the apparent strict nature of these protections, the degree to which CEII will be protected remains to be seen. Although CEII is FOIA-exempt under the FAST Act, FERC continues to provide procedures whereby interested parties can submit requests for CEII and be granted access if such interested parties show a legitimate need and commit to non-disclosure. In the past, FERC has generally been willing to share CEII upon request; the new regulations provide modest additional regulatory procedures for such requests, but it is possible that FERC will continue its policy of making CEII easily available to interested parties. The language in the FAST Act does allow FERC to decline to disclose CEII, but—so far—FERC has not chosen to take that route.

In a final rule issued on September 22, the Federal Energy Regulatory Commission (FERC) established requirements for certain entities to assess the vulnerability of their transmission systems to geomagnetic disturbance (GMD) events. Such events occur when the sun ejects charged particles that interact and cause changes in the earth’s magnetic fields.

Reliability Standard TPL-007-1 (Transmission System Planned Performance for Geomagnetic Disturbance Events) sets requirements for certain transmission and generator owners, planning coordinators, and transmission planners to assess the vulnerability of their systems to a benchmark GMD event, described as a “one-in-100-year” event. Those entities are required to develop

  • system models necessary to complete the vulnerability assessments at least once in every 60 calendar months and
  • criteria for acceptable steady state voltage performance during a benchmark GMD event.