FERC, CFTC, and State Energy Law Developments

Following well-publicized threats to the physical security of electric system assets, on March 7, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop mandatory Reliability Standards to protect against physical risks to “critical” electric facilities.[1] Due in 90 days, the Reliability Standards must provide the following:

  • A methodology for identifying the critical facilities to be protected
  • A requirement to identify the critical facilities’ vulnerabilities
  • A requirement that facility owners and operators develop and implement a plan to protect against those vulnerabilities

This order will initiate a NERC Reliability Standards development project addressing comprehensive physical security requirements that must also produce results in a highly compressed timeframe.

On November 22, the Federal Energy Regulatory Commission (FERC or Commission) issued Order No. 791,[1] approving comprehensive revisions to the Critical Infrastructure Protection (CIP) Reliability Standards. The revisions were recently proposed By the North American Electric Reliability Corporation (NERC) to address many of the concerns regarding CIP compliance that have arisen over the last few years as well as to close out the remaining Commission directives ordering changes to the CIP Reliability Standards.

On June 13, 2013, FERC approved a one-year extension for utilities to prepare to implement the new definition of the “bulk electric system” (BES). As a result of this order, the new BES definition approved By FERC in Order No. 773 will not go in effect until July 1, 2014.

In a Notice of Proposed Rulemaking issued on October 18, 2012, FERC proposed to direct NERC to develop reliability standards addressing the risk posed By geomagnetic disturbances (GMDs). As a first stage, FERC proposed to direct NERC to develop a standard within 90 days of the final rule mandating that bulk-power system owners and operators develop operating procedures to mitigate the effects that GMDs have on reliability.

In a Notice of Proposed Rulemaking issued on September 20, 2012, FERC proposed to approve the Northeast Power Coordinating Council’s (NPCC’s) Regional Reliability Standard on Underfrequency Load Shedding (UFLS). The proposed PRC-006-NPCC-1 Regional Reliability Standard (Regional Standard) would address declining system frequency events in coordination with the existing continentwide PRC-006-1 UFLS Standard.

At FERC’s open meeting on April 19, 2012, FERC approved several orders addressing core aspects of Reliability Standards compliance, including cybersecurity Reliability Standards, compliance registration, and contingency planning issues. The newly approved cybsersecurity Reliability Standards significantly increase the scope of facilities subject to those requirements, the compliance registration decisions clarify the jurisdictional boundary between distribution and transmission facilities, and the planning orders represent a rejection of NERC’s approach to planning for firm load loss following a single contingency.

In a move intended to improve the efficiency of the Reliability Standard violation enforcement process, the Federal Energy Regulatory Commission (FERC or the Commission) yesterday approved the North American Electric Reliability Corporation's (NERC's) "Find, Fix & Track" (FFT) enforcement proposal. The FFT process should provide NERC and the Regional Entities with increased flexibility to address low-risk Reliability Standard violations, avoiding the need for a lengthy settlement process for minor violations that pose little risk to bulk-power system reliability. While NERC will continue to report all violations, this change will eliminate—for those low-risk violations selected for FFT treatment—the extensive mitigation and settlement paperwork that historically accompanied minor violations. Despite this increased flexibility for NERC and the Regional Entities, the Commission promised strict oversight of this process.

Read more...

On February 14, a bipartisan group of senators introduced to the U.S. Senate the Cybersecurity Act of 2012, under which the Department of Homeland Security (DHS) would assess the risks and vulnerabilities of critical infrastructure systems and develop security performance requirements for the systems and assets designated as covered critical infrastructure. The bill is sponsored By Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (I-CT), committee ranking member Susan Collins (R-ME), Commerce Committee Chairman Jay Rockefeller (D-WV), and Select Intelligence Committee Chairman Dianne Feinstein (D-CA). As explained in the statement announcing the measure, "[t]he bill envisions a public-private partnership to secure those systems, which, if commandeered or destroyed By a cyber attack, could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to the economy or national security."

Read more...

Please join us for an all-day conference addressing strategies and trends in cyber risk and cybersecurity for the nation's energy infrastructure.

The Obama administration, Congress, and federal regulators continue to increase their focus on cyber risks to U.S. energy infrastructure. At the same time, businesses themselves have sought to increase the resistance of the energy sector to cyber attacks through voluntary public-private partnerships and similar nonregulatory efforts.

On January 30, 2012, Federal Energy Regulatory Commission (FERC or Commission) Staff issued a white paper outlining a proposal to guide the Commission in advising the Environmental Protection Agency (EPA) on requests for administrative orders (AOs) extending the time for power plants to comply with EPA's Mercury and Air Toxics Standards (MATS) based on system reliability concerns.[1] EPA stated in a Final Rule that, in considering such requests, it will seek advice from FERC as well as certain other entities with reliability expertise.[2] FERC Staff recommends that requests for AOs be filed with the FERC Secretary's office on an informational basis and assigned to the Office of Electric Reliability (OER). OER would consider whether discontinuing operations of the generating unit in question would result in a Reliability Standard violation. The Commission in turn would advise EPA regarding such Reliability Standard violations in written comments. FERC has requested comments on these and other procedural steps recommended in the White Paper. The deadline for filing comments is February 29, 2012.

Read more...