Highway Bill Adds New Security Measures to Federal Power Act
Amendments to Federal Power Act grant the DOE authority to order emergency protective actions by utilities, provide greater protections for Critical Energy Infrastructure Information, and exempt utilities from environmental fines when subject to emergency DOE orders.
The newly passed “highway bill,” the Fixing America’s Surface Transportation Act, amends the Federal Power Act to incorporate new energy security provisions. Those provisions aim to strengthen the federal government’s authority over electric grid emergency response, facilitate coordination among federal agencies on reliability issues, enhance the protocols for protecting and sharing Critical Energy Infrastructure Information (CEII), and exempt utilities from environmental penalties when operating subject to Department of Energy (DOE) emergency directives.
New DOE Authority to Direct Emergency Security Actions
Section 61003 of the highway bill, which creates a new section 215A of the Federal Power Act, authorizes the DOE to order utilities, the North American Electric Reliability Corporation (NERC), and Regional Entities to implement emergency security measures for up to 15 days at a time. Such orders would require a written determination from the president identifying a grid security emergency, which could include malicious cyber or physical attacks or natural events (such as geomagnetic storm events) that could disrupt the operation of critical energy infrastructure. The provisions permit the DOE to reissue emergency orders for consecutive 15-day periods as long as the president finds that the emergency is continuing.
To streamline emergency response actions, the highway bill will exempt utilities from penalties for violations of Federal Energy Regulatory Commission (FERC or the Commission) orders and NERC reliability standards caused by actions taken to implement the emergency security measures directed by the DOE. The highway bill also acknowledges that utilities may incur substantial costs while implementing emergency orders that may not otherwise be reasonably recoverable through existing cost-based or market rates. To address this gap, the cost-recovery provisions in the law direct the Commission to establish a separate mechanism that permits recovery of those emergency-related costs, subject to public notice and comment procedures.
New Protection from Environmental Fines Due to DOE Operational Directives
Section 61002 of the highway bill amends section 202(c) of the Federal Power Act to provide utilities with protection from federal, state, and local environmental penalties while operating under an emergency order issued by the Commission. This would most likely apply in circumstances where the DOE directs a generator to operate to ensure system reliability, but that generator would otherwise be required to reduce operations due to environmental limitations. Prior to the amendment, the generator would be required to run in accordance with the Federal Power Act but would simultaneously incur penalties for operating in violation of environmental laws. The new law does, however, contain mechanisms to encourage the DOE to tailor any emergency operating orders to minimize violations of environmental laws.
Enhanced Protections for CEII
Section 61003 of the highway bill also offers enhanced protection for CEII, the scope of which will ultimately be determined by the Commission through regulation. Under the new law, information that qualifies as CEII is exempt from disclosure under the Freedom of Information Act. If CEII is in the hands of other federal agencies or state, local, or tribal authorities, it is also exempt from disclosure under any transparency laws applicable to those entities. To ensure that CEII is properly protected, the law requires the Commission to provide criteria and procedures for designating information as CEII, prohibit the “unauthorized” disclosure of CEII, and develop sanctions for Commissioners, Commission staff, and DOE personnel who “knowingly and willfully” engage in an unauthorized CEII disclosure.
Not all of the law’s provisions seek to unconditionally limit access to information. For example, federal agencies would be allowed to provide temporary access to classified information to entities subject to emergency grid security measures. The law also encourages the voluntary sharing of CEII (e.g., between federal and state authorities or between the Commission and cross-border authorities). Additionally, CEII designations by the Commission or DOE would last no longer than five years (unless redesignated) and would also be subject to judicial review.
Spare Transformer Plan
With regard to reliability risks posed by the unexpected loss of large power transformers, section 61004 of the highway bill requires the DOE, in consultation with FERC, NERC, and electrical infrastructure operators, to develop a plan for storing spare large power transformers and emergency mobile substations that can be quickly deployed to provide temporary replacement of damaged large power transformers and substations that serve grid-critical functions. The plan would need to determine, among other things, the number of spare transformers and mobile substations necessary to restore grid resiliency following an outage, the optimal locations of storage facilities, the relative ease and speed of deploying spare transformers and mobile substations, and the cost of implementing such a plan.
Designation of DOE as Cybersecurity Sector-Specific Agency
Section 61003 of the highway bill also designates the DOE as the lead Sector-Specific Agency (SSA) for cybersecurity for the energy sector. The energy sector is one of 16 critical infrastructure sectors identified in Presidential Policy Directive-21 (PPD-21), Critical Infrastructure Security and Resilience. SSAs are designated agencies with specialized expertise in those critical infrastructure sectors that are tasked with various roles and responsibilities for their respective sectors, as specified in PPD-21 (e.g., development of sector-specific plan, coordination with the Department of Homeland Security, and incident management responsibilities). Under the new law, the DOE, which was previously designated the SSA for the energy sector, will expand its scope as lead SSA for cybersecurity for the energy sector.
The highway bill is available here. It was approved by the House and Senate and is expected to be signed by the president at any time.