FERC proposes incentives for electric companies to improve cybersecurity
- By Justin Katz
- Feb 08, 2021
The Federal Energy Regulatory Commission (FERC) is proposing a rule change that would allow the federal government to subsidize electric companies that implement cybersecurity measures beyond the minimum standards required by current regulations.
FERC is seeking comment on the proposed rule change, which was published Feb. 5 in the Federal Register.
Under the proposal, public utilities could seek "deferred cost recovery" for any cybersecurity improvements they make to their infrastructure that go beyond the minimum requirements developed by the National Institute of Standards and Technology.
The policy allows for three categories of improvements: third-party hardware, software and computing and networking services, employee training to implement the upgrades, and costs associated with the implementation "such as risk assessments by third parties or internal system reviews," according to the Federal Register.
FERC cites the coronavirus pandemic as one of the reasons the change is necessary.
"The rapid expansion of teleworking capabilities revealed potential vulnerabilities, and some identified cybersecurity events specifically targeting remote access network equipment," according to the proposal. "It is important that public utilities make cybersecurity investments to quickly and effectively address these cybersecurity challenges as well as other emerging threats."
The proposal also leaves open the possibility that any improvements companies take up voluntarily that are proven to be effective may eventually become mandatory, citing a June 2020 white paper written by FERC's staff.
Comments on the proposed rule are due by April 6.
Justin Katz is a former staff writer at FCW.