On July 21, FERC directed NERC to develop a new or modified “forward-looking, objective-driven” Reliability Standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services (“cyber controls”) associated with BES operations. FERC required the standard to address
- software integrity and authenticity;
- vendor remote access;
- information system planning; and
- vendor risk management and procurement controls.
FERC is concerned that a “gap” exists in the CIP Reliability Standards, which has been highlighted by recent events where malware campaigns have targeted supply chain vendors in BES cyber control systems.
FERC expressed concern that vulnerable systems may be attacked either through hardware or software components of a cyber-control system or a third-party service provider may be attacked who has access to sensitive IT infrastructure or that holds or maintains sensitive data.
On July 21, prompted by cyberattacks highlighting cyber system vulnerabilities that may be exploited to attack the operation and maintenance of interconnected networks, FERC sought comment from industry participants on possible modifications to the CIP Reliability Standards that could address the cybersecurity of control centers used to monitor and control the BES in real time.
The Commission seeks comment on the following:
- The operational impact of forming a separation between the internet and BES control center cyber systems performing transmission operator functions through use of physical (hardware) or logical (software means).
- Whether rules should be implemented concerning “application whitelisting,” computer administration practices that would prevent unauthorized programs from running on a system network. FERC believes that application whitelisting could be a more effective mitigation tool than other mitigation measures because whitelisting allows only software applications and processes that are reviewed and tested before use in the system network.
FERC Requires Newly Interconnecting Small Generators to Ride Through Abnormal Frequency and Voltage Events
On July 21, FERC modified its pro forma Small Generator Interconnection Agreement (SGIA) to require newly interconnecting small generating facilities to ride through abnormal frequency and voltage events and not disconnect during such events. Under the final rule, each public utility transmission provider that has an SGIA must submit a compliance filing within 65 days of the date that the final rule is published in the Federal Register to demonstrate that it meets the requirements set forth in the rule.
The final rule also allows entities to seek “independent entity variations” from the revisions to the pro forma SGIA. Additionally, the Commission stated that transmission providers that are not public utilities would have to adopt the requirements of this final rule as a condition of maintaining the status of their safe harbor tariffs or otherwise satisfying the reciprocity requirement of Order No. 888.
The Commission did not adopt specific frequency and voltage ride-through parameters, but instead will allow for the development of appropriate system-specific standards, which may be based on work by recognized standards-setting bodies such as the Institute of Electrical and Electronics Engineers (IEEE).
For the first time, a federal district judge has held that a review of a Federal Energy Regulatory Commission’s (FERC’s) order assessing civil penalties will be treated as an ordinary civil action that requires a full trial rather than a proceeding in which a federal judge only reviews an administrative record compiled by agency investigators. This is also the first federal court decision on how the de novo review standard set forth in Section 31(d)(3) of the Federal Power Act (FPA) should be applied when FERC enforcement targets elect federal court review of the facts and law at issue in an electricity market manipulation proceeding.
The court’s ruling provides important guidance to market participants in the electricity industry that can avail them of the de novo review option set forth in the FPA when targeted by FERC enforcement staff. Further, this ruling provides precedent that defendants should consider when developing their strategy for defending against FERC allegations brought under the FPA.
Read the full LawFlash: Federal Court Grants Full Civil Trial to FERC Enforcement Target
On July 1, the US Court of Appeals for the District of Columbia Circuit issued an opinion invalidating an oil pipeline partnership’s tax allowance that the Federal Energy Regulatory Commission (FERC) had approved as consistent with established FERC policy.
In United Airlines v. FERC, the DC Circuit determined that FERC “failed to demonstrate that there is no double-recovery of taxes for partnership, as opposed to corporate, pipelines.” The court, in turn, ruled that FERC’s policy as applied in the case was arbitrary and capricious in violation of the Administrative Procedure Act. The court vacated that portion of the FERC decision and remanded for further proceedings.
The DC Circuit’s decision and its underlying analysis threaten to upset long-established FERC-permitted rate recovery of tax expense by pass-through entities and may create far-reaching rate implications for affected interstate pipelines and for electric transmission providers that have opted to be treated as partnerships for tax purposes.
On June 16, the Federal Energy Regulatory Commission issued a notice of proposed rulemaking proposing to amend its regulations pertaining to the designation, sharing and protection of critical energy infrastructure information.
The commission’s proposed revisions aim to comply with the directives in the Fixing America’s Surface Transportation Act (FAST Act), commonly known as the “Highway Bill,” which added Section 215A to the Federal Power Act and directed the commission to revise its regulations for protecting “critical electric infrastructure information.”
The newly enacted legislation further bolsters PHMSA’s growing oversight of storage and pipeline transport facilities.
On June 22, US President Barack Obama signed the Protecting Our Infrastructure of Pipelines and Enhancing Safety Act of 2016 (PIPES Act) into law. As enacted, the PIPES Act reauthorizes the Pipeline and Hazardous Materials Safety Administration’s (PHMSA’s) administrative oversight of the transportation of hazardous materials, including the operation, maintenance, and spill response planning of US natural gas and hazardous liquid transportation pipelines. The PIPES Act reauthorizes PHMSA for four additional years (until 2019) and also seeks to enhance product transportation safety by improving communication and collaboration among PHMSA, pipeline regulators, and nonfederal stakeholders. The PIPES Act also expands PHMSA’s authority to include underground storage of natural gas.
On June 16, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking to amend its regulations protecting Critical Energy Infrastructure Information. FERC’s proposed revisions are in response to directives in the recently passed Section 215A of the Federal Power Act and aim to address longstanding industry concerns by strengthening existing information protections and allowing FERC to penalize its personnel for unauthorized, knowing, and willful disclosures of this sensitive information. The proposal would also allow FERC to voluntarily share this information in response to grid emergencies and enable individuals to challenge the designation of information as Critical Energy Infrastructure Information in federal court.
In a final rule issued on June 16, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to make available to FERC staff certain databases developed by NERC that contain detailed, entity-specific information on transmission and generation assets as well as protection system misoperations.
FERC concluded that it needs access to the information in these databases to carry out its reliability responsibilities under section 215 of the Federal Power Act, including the identification of needed new or modified reliability standards and a better understanding of NERC’s periodic reliability and adequacy assessments. The only changes from FERC’s initial proposal were to limit FERC staff’s access to information about US facilities and to exclude any information voluntarily provided to NERC.
We host frequent webinars focused on the energy regulatory landscape. If you’ve been unable to join us, we’re providing recordings of our recent discussions on current trends, including energy storage, off-shore wind projects, and clean power.
RENEWABLE ENERGY AND STORAGE TRENDS FOR 2016
Energy storage deployment is rapidly increasing as technology costs decline and new opportunities emerge. Utilities, developers, investors, and regulators are all seeking to understand—and shape—this evolving market, as well as the integration of storage and renewable energy generation.
Kenneth M. Kulak, Partner
William D. Kissinger, Partner
Neeraj Arora, Of Counsel
Monica A. Schwebs, Of Counsel
Pamela C. Tsang, Associate
PERMITTING OFF-SHORE WIND PROJECTS
The US Department of Energy estimates the potential for off-shore wind energy of the contiguous United States as 4,150 gigawatts. While off-shore wind has been on the horizon for over 15 years, we examine the developmental and regulatory outlooks that may herald its time.
Ella Foley Gannon, Partner
Camarin E.B. Madigan, Partner
THE FUTURE FOR THE CLEAN POWER PLAN
EPA’s action on existing coal and gas-fired power plants significantly impacts the regulatory landscape for utilities, with implications on reliability, estimated generator retirements, and compliance deadlines.
Stephen M. Spina, Partner
Ronald J. Tenpas, Partner