Push back: Utility coalition fights federal cyber security standards

September 24, 2015

By William Pentland

The electric utility industry is pushing back on a proposal by the Federal Energy Regulatory Commission (FERC) that would establish reliability standards for managing the industry's supply chain.

Credit: robertiez

In July, FERC published a draft notice of proposed rulemaking (NOPR) that would instruct the North American Electric Reliability Corporation (NERC) to establish standards designed to prevent utility suppliers from compromising the safety or reliability of equipment and services.  

FERC is trying to reduce cyber security risks in utility supply chains.  A number of recent malware campaigns have injected malware in products prior to delivering them to customers while it is still under the control of a hardware or software vendor. In the case of a utility or ISO customer, FERC reasoned that the supply chain presented a reliability gap that needs to be addressed.

On Monday, a broad coalition of utility trade organizations filed comments stridently opposing the FERC's proposed reliability standards.

The coalition included the Edison Electric Institute (EEI), the American Public Power Association, the National Rural Electric Cooperative Association, the Electric Power Supply Association, the Electricity Consumers Resource Council, the Transmission Access Policy Study Group and the Large Public Power Council.

According to the coalition's comments, FERC lacks authority to impose mandatory reliability standards regulating the relationships between utilities and their suppliers.

Under section 215 of the Federal Power Act, which lays out FERC's reliability oversight, FERC has no authority over third-party suppliers or vendors, according to the coalition. The coalition urged that FERC should promulgate supply chain guidelines rather than mandatory standards. In addition, the coalition said FERC should hold a technical conference before issuing a final rule.

For more:
- see this background article

© 2015 FierceMarkets, a division of Questex, LLC. All rights reserved.

http://www.fierceenergy.com/story/push-back-utility-coalition-fights-federal-cyber-security-standards/2015-09-24