Emergency IT authority for FERC gains support

The Federal Energy Regulatory Commission needs more legal authority to protect the country’s electric grid from cyberattacks and other threats, a senior official from the commission told a House subcommittee today.

FERC’s “current authority is not adequate to address cyber or other national security threats to the reliability of our transmission and power system,” Joseph McClelland, director of FERC’s Office of Electric Reliability, said in prepared remarks for a hearing before the House Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee.

Under current law, FERC is responsible for overseeing mandatory, enforceable reliability standards to the country’s bulk power system. McClelland said any new legislation should allow FERC to take action before a cyber national security incident happens on the electric grid.

FERC has assigned the North American Electric Reliability Corporation (NERC), a self-regulatory agency, to be responsible for proposing new reliability standards to help protect the country’s bulk power system. Michael Assante, chief security officer for NERC, testified that additional federal authority is needed to protect against “imminent cybersecurity threats” to North America’s bulk power system.

Assante said his organization backs legislation that would give a federal agency or department to take emergency action in the face of specific and imminent cyber threats. He added that although NERC has taken steps to protect the bulk power system from cyber threats, a federal department or agency needs the additional authority.

Members of the House and Senate are considering legislation introduced in April that would give the FERC more authority to deal with cyber threats to the nation’s privately owned electricity grids.

Members of Congress are focused on threats to the country’s electric grid as the Obama administration pushes its plans for a next generation, information technology enhanced, “smart grid” for electric power.

Currently, the National Institute of Standards and Technology is working to develop protocols and standards for information management to achieve interoperability of smart-grid devices and systems with input from industry.

FERC will then approve those standards. The commission said in a policy statement July 16 that the standards under development should make cybersecurity a priority.