Thursday, September 11, the House
Energy and Air Quality Subcommittee held a hearing on "Protecting the Electric Grid from Cyber Security Threats." At the hearing, Members heard testimony from government
officials and industry representatives on draft legislation which reflected
efforts by a coalition of electric utility trade association representatives
and Federal Energy Regulatory Commission (FERC) staff to reach consensus. The recently-developed bill would provide new
authority to FERC to address emergency cyber security and other threats to the
electrical grid.
No
one at the hearing disputed the enormity of a potential cyber security attack
on the country's electric grid. As a
result, the industry coalition and FERC were able to agree on many issues. However, the associations and FERC remain at
odds on a few critical matters.
Susan
Kelly of the American Public Power Association (APPA) testified on behalf the industry coalition, --
which included APPA, the Canadian Electricity Association, the Edison
Electric Institute, the Electricity Consumers Resource Council, the Electric
Power Supply Association, the Large Public Power Council, the National
Association of Regulatory Utility Commissioners, the National Rural Electric
Cooperative Association, and the Transmission Access Policy Study Group -- in
support of granting FERC new emergency authority. However, Kelly said, any such legislation
must be "carefully drawn and narrow in its application" to avoid disrupting the
current NERC standards-making process.
Physical attacks "should not be covered," she said, and noted that the
FBI and DOE have sufficient authority to deal with those situations. She further testified that the industry associations
remain "concerned about the costs of compliance."
Subcommittee Chairman Rick Boucher
(D-VA) said he intends to move this bill quickly, but through regular order,
with a subcommittee markup possible the week of September 15 and subsequent
full Committee and House floor consideration.
He also said that there would be a classified briefing by federal
agencies for members of the committee this week. Several subcommittee Members, however,
cautioned that while this is an important issue, it was better to "get it
right" than to act too quickly.
In
a statement submitted for the record, Energy and Commerce Committee chairman
John Dingell (D-MI)
questioned whether FERC's new authority should apply to the "bulk power system"
as defined in the Energy Policy Act of 2005 or whether it should extend to
electric to distribution systems as well.
This question is likely to be raised in the Senate, as its draft bill
currently extends FERC authority beyond the "bulk power system."
While it is unlikely that a cyber
security bill will be enacted this year, the issue will likely be a legislative
priority in the 111th Congress.