As is clear from recent news reports, cybersecurity hacks and breaches have been trending upward for some time, and there has been a noticeable uptick over the last several months—including in the energy industry. As a result, President Joseph Biden has committed his administration, in large part through the American Jobs Plan and his executive order of May 12, to strengthen cybersecurity across the nation.
The Consolidated Appropriations Act, 2021, signed into law on December 27, includes the Energy Act of 2020 (Energy Act) and the Taxpayer Certainty and Disaster Tax Relief Act of 2020 (Taxpayer Act), which contains tax provisions important to the energy sector.
An order issued from the US Department of Energy on December 17 prohibits the installation of Chinese equipment or components in facilities providing power to designated “Critical Defense Facilities.” The order discusses threats to the electric supply chain from China.
Executive Order 13920, “Securing the United States Bulk-Power System,” issued on May 1 limits the US use of bulk-power system equipment produced by “foreign adversaries.”
FERC and NERC issued a joint notice on Wednesday providing compliance flexibility on certain key reliability standard requirements during the ongoing coronavirus (COVID-19) pandemic. Although this guidance can allow utilities to avoid findings of noncompliance for certain requirements where timely compliance activities could be difficult due to personnel shortages and other limitations, this is not a blanket waiver. Instead, utilities must provide written notices of their intent to use this guidance. The content of those notices must be drafted carefully as they will be necessary to demonstrate compliance in future reviews.
Join Morgan Lewis lawyers for these upcoming programs.
Nuclear Power Corporation of India Limited (NPCIL) announced on October 30 that the malware “Dtrack” had been found on the administrative network of the Kudankulam Nuclear Power Plant (KKNPP) in early September 2019. KKNPP is the largest nuclear power plant in India, equipped with two Russian-designed VVER pressurized water reactors, each with a capacity of 1,000 megawatts. Both reactor units feed southern India’s power grid.
Join Morgan Lewis lawyers for upcoming programs.
The Nuclear Regulatory Commission’s (NRC’s) Assistant Inspector General for Audits issued a memorandum on August 20 on the status of recommendations based on the Office of Inspector General’s (OIG’s) Audit of NRC’s Cyber Security Inspections at Nuclear Power Plants (OIG-19-A-13). As previously reported on Up & Atom, OIG recommended that the NRC work to close the critical skill gap for future cybersecurity inspection staffing, and develop and implement cybersecurity performance measures for licensees to use to demonstrate sustained program effectiveness. Based on the NRC’s July 3, 2019, response, OIG has issued this status of recommendations.
Following the July 12, 2019, release of “Power Reactor Cyber Security Program Assessment,” the Nuclear Regulatory Commission’s (NRC’s) Director of Physical and Cyber Security Policy in the Office of Nuclear Security and Incident Response issued a memorandum to NRC Staff on August 6, 2019.