On March 10, 2011, FERC Chairman Jon Wellinghoff sent letters to Senators Joe Lieberman (I–CT) and Susan Collins (R–ME), the chair and ranking member of the Senate Committee on Homeland Security and Governmental Affairs, and to Representatives Darrell Issa (R–CA) and Elijah Cummings (D–MD), the chairman and ranking member of the House Committee on Oversight and Government Reform, detailing the actions taken by FERC in response to cybersecurity concerns and challenges to the smart grid system. The letter explains the processes that FERC has taken to identify issues and concerns in cybersecurity since the Government Accountability Office (“GAO”) issued a report in January recommending that the Commission work to find solutions to these cybersecurity challenges and concerns (the “GAO report”) (see the January 12 edition of the WER).
The GAO report identified the threats to security measures the electric industry will face for smart grid systems. In Chairman Wellinghoff’s letter, he explained that FERC has been working with federal and state regulators and other industry stakeholders to find solutions to the challenges posed in the GAO report. FERC staff has also met with representatives of the American Public Power Association and the National Rural Electric Cooperative Association as well as the National Association of Regulatory Utility Commissioners. According to Chairman Wellinghoff’s letter, the meetings have produced methods for gathering data and improving communications. Also, there have been discussions on the status of smart grid system deployments and the degree of concern utilities have with cybersecurity. Furthermore, there seems to be agreement that coordination among all regulators will be useful once smart grid standards are adopted.
Presently, FERC is taking into consideration whether or not it has the authority to address breaches in compliance with reliability standards that could expose the smart grid to a cybersecurity attack. Although FERC does not have authority to change NERC standards, it may request a change to a standard in a specific area. Chairman Wellinghoff explained that FERC has already requested that the North American Electric Reliability Corp. (“NERC”) amend various critical infrastructure protection standards, and once those standards are changed, the Commission believes some of the concerns in the GAO report will be adequately addressed. Currently, the Commission is considering additional solutions to the challenges documented in the GAO report. Additionally, FERC held a technical conference in January on smart grid interoperability standards for which comments are due April 8, 2011.