The GRID Act, introduced in the House and Senate, would authorize FERC to effectively address electricity grid security issues.
On March 26, 2014, Rep. Henry A. Waxman (D-CA) introduced the Grid Reliability and Infrastructure Defense (GRID) Act (H.R. 4298) aimed to amend the Federal Power Act to protect the bulk-power system and defense-critical electric infrastructure against physical, cyber, electromagnetic pulse, and other threats and vulnerabilities. Sen. Edward J. Markey (D-MA) introduced the bill in the Senate. In 2010, the bill’s original version passed the House and was not considered in the Senate.
Energy Sector Represented 41 percent of Cyber Incidents Reported in FY 2012 (csmonitor)
The GRID Act would give the Federal Energy Regulatory Commission (FERC) the authority required to more effectively address threats and vulnerabilities of the electric grid. Currently, security protocols are overseen by the industry group North American Electric Reliability Corporation (NERC). A May 2013 report released by Rep. Waxman and Sen. Markey indicates that protracted industry-driven processes for setting grid security standards result in delays and haphazard implementation of voluntary security recommendations. Under the GRID Act, if FERC determines that any security vulnerability has not been adequately addressed by NERC-developed standards, it can issue rules or orders to address the vulnerability. NERC would be allowed to provide recommendations for the rule or order, and if a NERC-developed reliability standard is approved by FERC, they would rescind the associated rule or order.
The legislation would require FERC to address the Aurora vulnerability within 180 days of its enactment. Within the same time frame, the President would designate up to 100 defense-critical and vulnerable U.S. facilities for which FERC would implement necessary security measures. Within one year, FERC would require NERC to develop a reliability standard for availability of spare transformers to promptly replace transformers vulnerable to reasonably foreseeable threats.
According to the Department of Homeland Security’s Industrial Control System-Cyber Emergency Response Team, cyber incidents against the energy sector represented 41 percent of total incidents reported in FY 2012. The GRID Act would protect sensitive grid security information from public disclosure and has provisions to facilitate information-sharing between authorized parties. It calls on the Department of Energy to share technical expertise with utilities to facilitate security clearance acquisitions for key personnel.
March 27, 2014 via Energy Solutions Forum.
Energy Solutions Forum is an energy policy research and data company based in New York City. Follow @EnergySolForum for policy research and stay plugged in with ESF Calendar, the industry’s go-to resource for energy business events in and around NYC.
