Cybersecurity Legislation Receives House of Representatives Approval

June 11, 2010

On June 9, the U.S. House of Representatives passed the Grid Reliability and Infrastructure Defense Act (GRID Act), which is intended to strengthen the U.S. electrical grid against terrorist attacks, cyber threats, electromagnetic pulse weapons, and solar storms.

The GRID Act authorizes the Federal Energy Regulatory Commission (FERC) to issue emergency orders to protect critical electric infrastructure, and to take other measures to address current and potential vulnerabilities.

The GRID Act amends the Federal Power Act to permit FERC to issue orders for emergency measures to protect the reliability of either the bulk-power system or critical electric infrastructure whenever the President issues a written directive or determination identifying an imminent grid security threat. FERC's authority to take such action can be employed without notice or hearing. However, FERC, to the extent practicable in light of the nature of the grid security threat and the urgency for emergency measures, is instructed to consult with certain governmental authorities, including the governments of Canada and Mexico, regarding implementation of such emergency measures. Any orders issued by FERC that implement emergency measures must be discontinued within 30 days of (i) the President providing a directive that an imminent security threat no longer exists, or (ii) FERC determining that the need for emergency measures no longer exists. In no case may a Commission order implementing emergency measures continue for longer than one year.

The GRID Act also directs FERC to require any owner, user, or operator of the bulk-power system in the United States to implement measures necessary to protect the bulk-power system against specified vulnerabilities, and to order the North American Electric Reliability Corporation to submit reliability standards that achieve the following: (i) protect the bulk-power system from a reasonably foreseeable geomagnetic storm event, and (ii) require entities that own or operate large transformers to ensure their ability to quickly restore the reliable operation of the bulk-power system in the event that any such transformer is destroyed or disabled.

Following House passage, the GRID Act was referred to the U.S. Senate Committee on Energy and Natural Resources for consideration. The Senate is expected to address cybersecurity initiatives, including the GRID Act and other cybersecurity-related Senate initiatives, in the near future.

For further information or if you have any questions regarding any of the topics discussed in this LawFlash, please contact any of the following Morgan Lewis attorneys:

Washington, D.C.
Stephen M. Spina
Levi McAllister