October 20, 2014

Advertisement

October 17, 2014

The Cybersecurity Executive Order’s Effect on the Electric Industry

This is a follow up to our recent blog post on the February 12, 2013 Executive Order titled Improving Critical Infrastructure Cybersecurity.”  As noted in the earlier post, the Executive Order calls for greater public and private sharing of information related to cyberscurity threats and a new Cybersecurity Framework for all industries.

Of particular importance to the electric industry is the Executive Order’s requirement that Federal Agencies use the Cybersecurity Framework to assess their existing cybersecurity regulations to determine whether existing regulations can be eliminated and/or whether new regulations are needed.  Although the White House has compiled an extensive list of statements in support of the Executive Order, a key question is whether the implementation of this new Executive Order will complement and not supersede or complicate existing cybersecurity regulations in the electric industry.  Unlike other critical infrastructure industries, the electric industry has already been subject to extensive cybersecurity regulation under NERC’s CIP reliability standards for several years.  Moreover, NERC’s Electricity Sector Information Sharing and Analysis Center and FERC’s newly formed Office of Energy Infrastructure Security are both already charged with the responsibility to disseminate cybersecurity threat information. 

Recognizing the concern about possible duplicative regulations, Senator Lisa Murkowski, ranking minority Senator for the Senate Energy and Natural Resources Committee issued a statement warning that “too much emphasis on standards” may “unintentionally impede rather than strengthen the ability to respond to a cyber-attack.”  The Senator further warned that “any voluntary measures proposed by the administration cannot undermine or conflict with the mandatory structure for the electric grid that Congress enacted in the 2005 Energy Policy Act or the requirements placed on the nuclear industry by the NRC.”

Relevant Links

Fact Sheet on Executive Order: http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity-0

White House Cybersecurity page: http://www.whitehouse.gov/cybersecurity

Compilation of Statements in Support of the Executive Order  http://www.whitehouse.gov/sites/default/files/uploads/07_eo_quotes_02132013.pdf

Sen. Murkowski Statement: http://www.energy.senate.gov/public/index.cfm/republican-news?ID=d5497389-2bdc-47ed-86f3-dca05a104a28

© 2014 Schiff Hardin LLP

TRENDING LEGAL ANALYSIS


About this Author

Partner

Joel G. deJesus has extensive experience working with the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC). Although Mr. deJesus has represented clients on a wide variety of federal electric utility matters, he concentrates his practice advising users, owners and operators of the bulk power system in all aspects of electric reliability regulation.

202-724-6833
Associate

John ("Jed") E. Dearborn Jr. focuses his practice in a variety of energy-related legal matters.

202-724-6839