On December 17, 2020, FERC issued a Notice of Proposed Rulemaking proposing to revise its regulations to establish incentives for public utilities to make certain cybersecurity investments that go beyond the current requirements of the Critical Infrastructure Protection (“CIP”) Reliability Standards established by the North American Electric Reliability Corporation (“NERC”) (“Cybersecurity NOPR”). Specifically, FERC proposed rules to allow regulated entities to:
- receive incentive-based rate treatment for the voluntary implementation of: (i) certain NERC CIP Reliability Standards to facilities that are not currently subject to those requirements (“NERC CIP Incentives Approach”), and/or (ii) certain security controls included in the National Institute of Standards and Technology Framework (“NIST Framework Approach”);
- request a return-on-equity adder of two hundred (200) basis points for making eligible cybersecurity capital investments; and
- defer cost recovery of certain cybersecurity costs that are generally expensed as incurred, and treat such costs as regulatory assets that may be included in transmission rate base.