Protect Our Power Supports FERC Electricity Cybersecurity Incentives Initiative, Proposes Technical Conference to Develop Policies
WASHINGTON, Aug. 24, 2020 /PRNewswire/ -- Recognizing that U.S. electric utilities do not currently have adequate incentives to invest in advanced cybersecurity protection for the nation's electric grid, Protect Our Power is proposing that the Federal Energy Regulatory Commission (FERC) convene a technical conference to explore development of a potential cybersecurity incentives framework and application process.
In its response to a recent FERC White Paper on the incentives issues, Protect Our Power, a non-partisan, non-profit organization dedicated to improving grid security nationwide, praised FERC for raising the issue and noting that electric transmission owners are today only required to meet minimum requirements known as Critical Infrastructure Protection Reliability Standards, or CIP Standards.
"Today's reality is that our electric system needs to go beyond CIP's 'technical baseline' for grid cybersecurity and aggressively keep pace with the increasing, ever-changing cyber threats that aim to disable our power grid," said Suedeen Kelly, former FERC commissioner and regulatory counsel to Protect our Power. "This can only be accomplished by using the most current and effective solutions, and an incentives policy needs to incent the use of known, effective, and dynamic solutions and best practices."
The Protect Our Power comments focused on three issues to help advance the discussion begun by FERC and encourage policy innovation beyond current approaches to ratemaking incentives, and call on FERC to convene a two-part technical conference on cybersecurity incentives practices and policy, exploring existing and emerging best practices in grid cybersecurity as well as the financial and policy design details of a potential cybersecurity incentives framework and application process.
Protect Our Power proposed three additional ways that FERC can allow transmission owners to demonstrate that voluntary cybersecurity investments improve grid security:
-- Best Practices for Cybersecurity Solutions -- making clear that
voluntary transmission owner investments that implement Best Practices
for Cybersecurity Solutions ("BPCS") or fall within the NIST Framework
are presumptively eligible for incentives, as long as they are shown to
go beyond CIP Standards and are truly voluntary.
-- Authorizing Cybersecurity Investment Plans -- allowing utilities to
propose a comprehensive, 1- to 2-year package of voluntary cybersecurity
investments for pre-approval, which can then be recovered through
ratemaking if implemented. This could help utilities avoid the
significant cost and burdens of proposing investments on a
project-by-project basis, which can act as a disincentive. This
approach also encourages transmission owners to think about
cybersecurity more holistically which could, in turn, result in enhanced
cybersecurity across the system.
-- Cross-Utility Collaboration -- reducing the cost of cybersecurity
investments by 1) allowing utilities to achieve economies of scale by
investing in common activities and investments that involve multiple
transmission owners; 2) allowing partnerships and the pooling of
resources among multiple nonaffiliated utilities/transmission owners.
This could particularly benefit cooperatives and small public power and
investor-owned utilities by allowing the pooling of capital to make
significant cybersecurity investments. Such partnerships could be
regional or national in scope, or even take the form of a voluntary
regional cybersecurity organization (an RCO).
Recognizing the complexity of these issues, as well as others addressed in the comments filed, Protect Our Power suggests that FERC host a two-part technical conference to gather more information and evaluate how to design a voluntary cybersecurity incentives framework.
Part I could explore the current cybersecurity investment decisions being made by transmission owners, vendors, and groups such as NIST, Protect Our Power, and others who are working to refine and standardize cybersecurity best practices. Part II could focus on the financial and policy design of a voluntary cybersecurity incentives framework, tapping into the expertise of transmission owners, consumer advocates, and interested parties such as Protect Our Power.
"The bottom line is that having greater innovation and flexibility in the regulatory system would provide utilities large and small with incentives and encouragement to make needed investments in grid cybersecurity," Kelly said. "A reliable supply electricity is critical to the well-being of our country and our economy and, in today's world, that requires a grid that is cyber-secure."
About Protect Our Power:
Protect Our Power (POP) is a not-for-profit organization designed to build a consensus among key stakeholders, decision-makers and public policy influencers to launch a coordinated and adequately funded effort to make the nation's electric grid more resilient and more resistant to all external threats. The national program must also ensure establishment of an enhanced power restoration and recovery component for all grid operations that would include communications protocols to protect the American public.
For more information about Protect Our Power, visit www.protectourpower.org.
View original content to download multimedia:http://www.prnewswire.com/news-releases/protect-our-power-supports-ferc-electricity-cybersecurity-incentives-initiative-proposes-technical-conference-to-develop-policies-301117261.html
SOURCE Protect Our Power (POP)
