The US Department of Energy (DOE) and the Department of Commerce (DOC) announced on October 30, 2024 a Memorandum of Understanding (MOU) signed earlier this year to collaborate on safety research, testing, and standards for artificial intelligence (AI). The National Institute of Standards and Technology (NIST), a federal agency within the DOC and a leader in standards development across a range of industries, will represent the DOC under the MOU.
Power & Pipes
FERC, CFTC, and State Energy Law Developments
Yesterday marked the start of CERAWeek 2024 by S&P Global, and for the rest of this week Morgan Lewis partners Kirstin Gibbs and Felipe Alice will be reporting back on the key themes and ideas they are uncovering as the conference unfolds.
FERC has issued its final rule paving the way for incentive-based rate treatment for electric utilities that make certain voluntary cybersecurity investments. As we first noted in 2020 when describing the proposed rule, the final rule provides a new mechanism for promoting cybersecurity of the bulk-power system by rewarding utilities for proactively enhancing their cybersecurity programs beyond the mandatory requirements of the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) reliability standards.
There are no unimportant North American Electric Reliability Corporation (NERC) reliability standards, but from time to time, NERC and the Regional Entities (Regions) place greater emphasis on certain reliability standards in response to events affecting the grid. With headline-grabbing physical attacks on power substations across the country in recent months, one of NERC’s greatest current priorities is evaluating the effectiveness of its physical security standards, most notably CIP-014.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) on the new cyber incident reporting requirements for critical infrastructure owners as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
As has been reported, a recent ransomware attack has caused an interstate pipeline and fuel supplier to much of the eastern United States to shut down its operations. Although the attack did not compromise operational systems, the company opted to cease operations as a precautionary measure. The FBI confirmed that the attack was carried out by an international criminal gang of hackers. The US Department of Energy, Cybersecurity and Infrastructure Security Agency, FBI, and other government officials are working directly with the pipeline to restore operations.
The US Department of Energy submitted a report to the president last month on “Economic and National Security Impacts under a Hydraulic Fracturing Ban.” This 80-page report analyzed the effects of a hypothetical United States ban on high-volume hydraulic fracturing technology used with any new or existing onshore wells starting in 2021 through 2025. Such a ban, the report predicts, would result in the loss of millions of jobs, price spikes at the gas pump, and higher electricity costs for all Americans. The report goes on to predict that a ban would eliminate the United States’ status as the top oil and gas producing country, return the United States to a net importer of oil and gas by 2025, weaken the United States’ geopolitical standing, and negatively affect its national security.
The US Congress adopted extensive federal energy policies in the Energy Act of 2020 (Energy Act), which President Donald Trump signed into law on December 27 as part of the Consolidated Appropriations Act, 2021. The Consolidated Appropriations Act also includes tax provisions important to the energy sector.
At its December open meeting, FERC proposed to establish rules for incentive-based rate treatments for voluntary cybersecurity investments by a public utility. If approved, the regulations would provide incentives for utilities to invest in cybersecurity improvements above and beyond existing mandatory requirements, provided the investments are related to the jurisdictional transmission or sale of electric energy. Traditionally FERC has worked to enhance the cybersecurity of the bulk-power system by directing the development and expansion of mandatory NERC Critical Infrastructure Protection (CIP) reliability standards. The proposed rules here would be quietly revolutionary by offering the “carrot” of financial incentives for cybersecurity enhancements, rather than relying exclusively on the “stick” of monetary sanctions that result from violations of mandatory requirements.
The secretary of the US Department of Energy (DOE) issued an order on December 17 prohibiting electric utilities from installing equipment or components provided by Chinese companies in electric facilities serving designated “Critical Defense Facilities.” Relying on authority from Executive Order 13920 on Securing the United States Bulk-Power System, the order identified threats to the electric supply chain from China and concluded that prohibiting Chinese equipment in these sensitive facilities is necessary to respond to the Chinese government’s plans to undermine the bulk-power system.