The Federal Energy Regulatory Commission (FERC) said Tuesday it is seeking public comment on a white paper jointly prepared by FERC staff and staff from the North American Electric Reliability Corporation (NERC).
The white paper proposes strategies for providing transparency and public access to information regarding violations of mandatory reliability standards related to cybersecurity of the bulk electric system while protecting sensitive information that could jeopardize security.
FERC noted that, since 2018, it has received an unprecedented number of Freedom of Information Act (FOIA) requests for non-public information in the Notices of Penalty (NOPs) for violations of Critical Infrastructure Protection (CIP) reliability standards.
NERC, the designated electric reliability organization, has been submitting CIP NOPs to FERC since 2010. These NOPs typically include information about the nature of the violations, potential vulnerabilities to cyber systems due to noncompliance and mitigation activities.
The white paper proposes that NERC submit each notice with a public cover letter that includes the name of the violator, which reliability standards were violated and the number of penalties assessed. Each notice would also include non-public attachments that describe the nature of the violation, mitigation activity, and potential vulnerabilities to cyber systems. The attachments would also contain a request for designation of such information as Critical Energy Infrastructure Information.
“The procedures that NERC and FERC have followed in processing NOPs for CIP violations has been in place since before I joined FERC and has not been changed in the past decade, as outlined in the attached White Paper,” FERC Commissioner Cheryl LaFleur said. “I think it is highly appropriate that we consider changes to the process at this time. As I discussed at the technical conference, it is important that we handle NOPs so as to avoid subjecting the bulk electric system to risk of a cyber attack once a vulnerability is identified. At the same time, I believe state regulators, members of the public, and others have a legitimate interest in such violations, and we should seek to achieve as much transparency as we can consistent with protecting legitimate security interests.”
According to the joint staff white paper, the proposed changes would make distinguishing between public and non-public information straightforward, make submission and processing of the notices more efficient and reduce the risk of inadvertent disclosure of non-public information.
The names of violators would be public, but details that could be used to plan an attack on critical infrastructures, such as details regarding violations, mitigation, and vulnerabilities, would likely be considered exempt from FOIA.
FERC is seeking comment on several aspects of the white paper, including the potential security benefits and, if applicable, risks associated with the proposed NOP format; difficulties with implementation or other concerns that should be considered; and the level of transparency provided by this proposed change.
“I believe the FERC and NERC staff have put forth one proposal worthy of consideration for a way to handle these NOPs differently,” LaFleur said. “I hope that we receive a wide range of comments on the White Paper, including any suggestions for alternative processes, which will allow FERC and NERC to move forward on this issue.”
Comments are due 30 days after the white paper’s publication on Aug. 27.
This week, the Florida Public Service Commission approved two Florida energy companies—Duke Energy Florida and Tampa Electric—to lower their rates.…
This year has already brought major milestones for the U.S. clean energy industry, with solar topping 100 GW at utility-scale,…
Regional electricity consumption in New England will increase by about 17 percent over the next decade, according to a new…
With the threat of wildfires a growing yearly occurrence these days, Avista announced ahead of this year’s wildfire season that…
The latest update to the not-for-profit Pacific Northwest Utilities Conference Committee’s (PNUCC) Northwest Regional Forecast painted a picture of surging…
The Canada Pension Plan Investment Board and Global Infrastructure Partners have agreed to terms with Allete to acquire the Minnesota-based…
This website uses cookies.