The Federal Energy Regulatory Commission (FERC) is proposing a rule change that would provide rate incentives for electric companies that go “above and beyond” current regulations in their cybersecurity investments.
According to the proposed rule change published to the Federal Register on Feb. 5, the growing number of cybersecurity threats as well as the COVID-19 pandemic prompted FERC to make the incentive proposal.
“It is important that public utilities make cybersecurity investments to quickly and effectively address these cybersecurity challenges as well as other emerging threats,” the proposal says. “Therefore, the Commission has concluded that, given the unique importance of protecting the cybersecurity of the Bulk-Power System, it is appropriate to provide incentives for public utility cybersecurity investment as proposed in this NOPR.”
In order to receive incentives, companies would need to exceed the security controls included in the National Institute of Standards and Technology (NIST) framework approach. However, FERC plans to limit the incentives to companies that “are most likely to provide a significant benefit to the cybersecurity of Commission-jurisdictional transmission facilities,” not just the Bulk Electric System.
The proposal also states actions taken by companies that prove to be beneficial may eventually become “mandatory” for future standards.
Comments on the proposed rule close April 6 and reply comments are due on May 6.