Bill would give FERC authority on cyber threats
- By Alice Lipowicz
- Sep 12, 2008
A House subcommittee has begun considering legislation that would expand the authority of the Federal Energy Regulatory Commission to deal with cyber threats against the nation’s electric power grid.
The commission's current legal authority is “inadequate” to meet the challenges of cybersecurity, Joseph Kelliher, FERC's chairman, told the House Energy and Commerce Committee's Energy and Air Quality Subcommittee on Sept. 11.
“Widespread disruption of electric service can quickly undermine our government, military readiness and economy, and endanger the health and safety of millions of citizens,” Kelliher said. “Thus, there may be a need to act quickly to protect the grid, to act in a manner where action is mandatory rather than voluntary, and to protect security-sensitive information from public disclosure. The commission’s legal authority is inadequate for such action."
The subcommittee considered a draft bill prepared by its chairman, Rep. Rick Boucher (D-Va.), that would enlarge the commission's emergency powers. The Bulk Power System Protection Act of 2008 addresses cyber threats and national security threats to the bulk power system.
Several energy industry executives agreed with the need for FERC emergency powers, but said the new authority must be carefully crafted to avoid interfering with the existing system of authorities.
“We understand the seriousness of the issue and the need to deal with it,” said Susan Kelly, vice president of policy analysis for the American Public Power Association. “At the same time, we believe that such legislation must be carefully drawn and narrow in its application, to avoid disrupting the mandatory reliability regime that Congress has already required and the electric utility industry has implemented, with the oversight of the FERC.”
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.