FERC wants to expand its authority over cybersecurity vulnerabilities of the electric grid to include electrical distribution systems, which are currently under state jurisdiction, as well as the generation and transmission systems.
Joseph McClelland, director of FERC’s Office of Electric Reliability, told the Senate Committee on Energy and Natural Resources last week that FERC needs expanded authority over the electricity grid in order to fulfill its mandate to protect the grid from physical and cyber attacks.
“The commission’s current authority is not adequate to address cyber or other national security threats to the reliability of our transmission and power system. These types of threats pose an increasing risk to our nation’s electric grid, which undergirds our government and economy and helps ensure the health and welfare of our citizens”, McClelland told the Senate panel.
McClelland laid out five legislative changes that are needed so that FERC can better protect the electric grid from cyber attacks.
First, FERC should have authority to take action before a cyber attack incident occurs. Second, the commission should be able to maintain the confidentiality of sensitive information obtained regarding the electric grid. Third, FERC should be able to regulate parts of the electric grid beyond the “bulk power system”, its current mandate, to include the electric distribution system currently regulated by states. Fourth, public utilities should be able to recover costs resulting from FERC mandates to reduce cyber vulnerability and threats. And fifth, the commission should be able to mitigate threats from natural events, such as geomagnetic disturbances resulting from solar flares and other sources.
The Senate committee is currently considering draft legislation to beef up cybersecurity protection of the electrical grid, including providing FERC with the expanded authority pushed by McClelland.