Issues

Government Authentication
Personal Identity
Federal Standards
Governance
R&D
Resources
Legislation and Policy
Liability
Power Grid
Procurement


Library

o Government Authentication Library
o Personal Identity Library
o Federal Standards Library
o Governance Library
o R&D Library
o Resources Library
o Legislation and Policy Library

CRE Interventions
  Agency Administrative Actions
  Rulemaking
  Litigation

 ICANNfocus Archives

 

Locking the Grid
The recently passed energy bill includes provisions requiring that power companies adhere to mandatory reliability standards, standards that explicitly encompass cybersecurity protections. Furthermore, both the standards and the organization setting the standards would be under direct federal supervision

The Energy Policy Act of 2005 requires that the Federal Energy Regulatory Commission (FERC) certify an Electric Reliability Organization (ERO) which would establish and enforce "reliability standards for the bulk-power system, subject to Commission review." The term reliability standards is defined as including "cybersecurity protections." The legislation provides further explication by defining "reliable operation" as meaning that system failure "will not occur as a result of a...cybersecurity incident..."

Cybersecurity incident is defined by the law to mean "a malicious act or suspicious event that disrupts, or was an attempt to disrupt, the operation of those programmable electronic devices and communication networks including hardware, software and data that are essential to the reliable operation of the bulk power system."

The North American Electric Reliability Council, the organization mostly likely to be certified by FERC as the ERO, has already published the "third draft of its voluntary cybersecurity guidelines to guard against hackers, viruses and other computer attacks..." Now, however, the organization's standards will need to be mandatory not just voluntary. Furthermore, as required by the legislation, the standards and the Council's role as ERO will be subject to FERC's direct supervision.

Overall, the legislation appears to do a good job at balancing the vital role of the private sector in setting and enforcing standards with the need for federal oversight.

  • See FERC Energy Policy Act web page
  • See article in Washington Technology

  • Copyright © 2005 The Center for Regulatory Effectiveness.
    All rights reserved.