Yesterday marked the start of CERAWeek 2024 by S&P Global, and for the rest of this week Morgan Lewis partners Kirstin Gibbs and Felipe Alice will be reporting back on the key themes and ideas they are uncovering as the conference unfolds.
Power & Pipes
FERC, CFTC, and State Energy Law Developments
FERC has issued its final rule paving the way for incentive-based rate treatment for electric utilities that make certain voluntary cybersecurity investments. As we first noted in 2020 when describing the proposed rule, the final rule provides a new mechanism for promoting cybersecurity of the bulk-power system by rewarding utilities for proactively enhancing their cybersecurity programs beyond the mandatory requirements of the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) reliability standards.
There are no unimportant North American Electric Reliability Corporation (NERC) reliability standards, but from time to time, NERC and the Regional Entities (Regions) place greater emphasis on certain reliability standards in response to events affecting the grid. With headline-grabbing physical attacks on power substations across the country in recent months, one of NERC’s greatest current priorities is evaluating the effectiveness of its physical security standards, most notably CIP-014.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) on the new cyber incident reporting requirements for critical infrastructure owners as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
As has been reported, a recent ransomware attack has caused an interstate pipeline and fuel supplier to much of the eastern United States to shut down its operations. Although the attack did not compromise operational systems, the company opted to cease operations as a precautionary measure.
The US Department of Energy submitted a report to the president last month on “Economic and National Security Impacts under a Hydraulic Fracturing Ban.” This 80-page report analyzed the effects of a hypothetical United States ban on high-volume hydraulic fracturing technology used with any new or existing onshore wells starting in 2021 through 2025.
The US Congress adopted extensive federal energy policies in the Energy Act of 2020 (Energy Act), which President Donald Trump signed into law on December 27 as part of the Consolidated Appropriations Act, 2021.
At its December open meeting, FERC proposed to establish rules for incentive-based rate treatments for voluntary cybersecurity investments by a public utility.
The secretary of the US Department of Energy (DOE) issued an order on December 17 prohibiting electric utilities from installing equipment or components provided by Chinese companies in electric facilities serving designated “Critical Defense Facilities.” Relying on authority from Executive Order 13920 on Securing the United States Bulk-Power System, the order identified threats to the electric supply chain from China and concluded that prohibiting Chinese equipment in these sensitive facilities is necessary to respond to the Chinese government’s plans to undermine the bulk-power system.
A cyberattack on a single gas compression facility resulted in the shutdown of a natural gas pipeline for two days, according to a recent alert from the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).