FERC orders new standards to enhance grid security
In a statement, Norris also urged Congress to allow the agency to collect “sensitive security information” regarding physical vulnerabilities to the grid but said it not be forced to make those data public.
“Currently, industry remains concerned that confidential security information submitted to the commission would be subject to disclosure through Freedom of Information Act requests,” Norris said. “These concerns have understandably left industry reluctant to provide the commission with its most sensitive security information related to potential physical threats or vulnerabilities to our power grid.”
FERC’s order arrives on the heels of growing calls among lawmakers alarmed by a Feb. 16 Wall Street Journal story that outlined a high-profile — and still unsolved — attack on a substation in California last April. Former FERC Chairman Jon Wellinghoff called the attack “the most significant incident of domestic terrorism involving the grid that has ever occurred” (Greenwire, Feb. 20).
FERC’s order directs NERC to craft the new standards through a stakeholder process within 90 days. FERC will have the final say on whether the standards move forward.
The commission said the standards should require utilities to identify infrastructure critical to the system’s overall reliability and develop plans for protecting that equipment.
But FERC, which is required to follow the NERC stakeholder process, stopped short of issuing across-the-board requirements for all utilities.
“The commission appreciates that many owners and operators of critical facilities already have separately taken steps to enhance the physical security of their facilities,” the agency said. “We also recognize that there is not a ‘one size fits all’ response to protect against physical security threats, and we do not seek to impose one by this order.”
The industry welcomed the agency’s flexible approach.
“We appreciate that FERC recognized that the industry takes ongoing actions to protect critical assets to the electric grid and that a standard is not a one-size-fits-all solution,” said James Fama, the Edison Electric Institute’s vice president of energy delivery, in a statement. “Standards are static, while threats to the grid are dynamic. That is why close coordination between government and industry is critical.”
Energy and Commerce Chairman Fred Upton (R-Mich.) in a statement said the rule is encouraging. “Ensuring the security and reliability of the electric grid remains a priority for this committee, and we will continue our oversight of all emerging threats, including cyber attacks, acts of terrorism, electromagnetic pulses, and strict government mandates and regulations that threaten reliability,” Upton said.
Allison Clements, director of the Sustainable FERC Project housed within the Natural Resources Defense Council, praised the rule and said she hopes FERC will push forward with addressing cybersecurity concerns that Norris mentioned.
“The rule is great, but we hope the commission doesn’t stop there,” she said.