The Cybersecurity Executive Order’s Effect on the Electric Industry
Saturday, February 23, 2013
This is a follow up to our recent blog poston the February 12, 2013 Executive Order titled “Improving Critical Infrastructure Cybersecurity.” As noted in the earlier post, the Executive Order calls for greater public and private sharing of information related to cyberscurity threats and a new Cybersecurity Framework for all industries.
Of particular importance to the electric industry is the Executive Order’s requirement that Federal Agencies use the Cybersecurity Framework to assess their existing cybersecurity regulations to determine whether existing regulations can be eliminated and/or whether new regulations are needed. Although the White House has compiled an extensive list of statements in support of the Executive Order, a key question is whether the implementation of this new Executive Order will complement and not supersede or complicate existing cybersecurity regulations in the electric industry. Unlike other critical infrastructure industries, the electric industry has already been subject to extensive cybersecurity regulation under NERC’s CIP reliability standards for several years. Moreover, NERC’s Electricity Sector Information Sharing and Analysis Center and FERC’s newly formed Office of Energy Infrastructure Security are both already charged with the responsibility to disseminate cybersecurity threat information.
Recognizing the concern about possible duplicative regulations, Senator Lisa Murkowski, ranking minority Senator for the Senate Energy and Natural Resources Committee issued a statement warning that “too much emphasis on standards” may “unintentionally impede rather than strengthen the ability to respond to a cyber-attack.” The Senator further warned that “any voluntary measures proposed by the administration cannot undermine or conflict with the mandatory structure for the electric grid that Congress enacted in the 2005 Energy Policy Act or the requirements placed on the nuclear industry by the NRC.”