A draft US Senate committee bill that would give the US Federal Energy Regulatory Commission limited cybersecurity oversight of state-jurisdictional electric distribution lines was met with concerns Thursday at a Senate Energy and Natural Resources Committee hearing.
The head of North American Electric Reliability Corp., the entity responsible for establishing grid reliability standards for the bulk electric system in the contiguous 48 US states, but not local distribution facilities, argued that FERC should not be given that additional oversight unless NERC is also granted the same authority to set standards for cybersecurity issues affecting distribution lines.
FERC is responsible for overseeing NERC activities, approving or rejecting proposed NERC reliability standards as well as any penalty amounts assigned to entities that violate the standards. NERC and FERC’s oversight of reliability on the grid does not include certain lines that go into major cities, distribution lines or the grid systems in Alaska and Hawaii. States have jurisdiction over distribution lines.
But the Senate draft bill would authorize FERC to set an interim rules directing owners and operators of distribution facilities to address cybersecurity vulnerabilities that would otherwise leave them open to a direct attack.
Unless NERC is granted matching jurisdiction, the law would essentially allow FERC to determine cybersecurity reliability measures for facilities over which NERC has no oversight or standard-setting ability, NERC President and CEO Gerry Cauley said.
The draft legislation would give FERC the ability to direct NERC to develop and propose a standard or revise an existing standard to adequately protect critical electric infrastructure from cybersecurity vulnerabilities.