FERC reliance on ratepayers to fund utility cybersecurity insufficient to meet rising threat, analysts say – Utility Dive
- The Federal Energy Regulatory Commission is proceeding with a plan to offer incentives to utilities making cybersecurity investments that exceed mandatory Critical Infrastructure Protection (CIP) reliability standards. The commission published a Notice of Proposed Rulemaking (NOPR) in the Feb. 5 Federal Register.
- The incentives may help secure the electric grid in the near term, but some experts say having ratepayers continuously fund security upgrades is an untenable approach to a growing threat.
- FERC’s proposal is “better than nothing, but it doesn’t address the big problem. The demands on utilities are increasing all the time,” said Tom Alrich, a CIP compliance consultant.
Cybersecurity is a national issue, and the federal government needs to spend broadly to secure the electric grid, similar to how it funds the military, said Alrich.
Hackers are becoming more sophisticated, and “the idea you’re going to get the ratepayer to pay more and more all the time in order to keep their local utility safe and running is just not realistic,” he continued.
Alrich pointed to the sophistication involved in the SolarWinds hack as evidence utilities are struggling to keep pace with threats. He said security concerns need to be addressed holistically, and the proposed incentives would only benefit a few dozen utility companies. A broader federal approach, however, would likely require congressional action, he said.
“The grid is a national resource. It needs to be protected as such, and it needs to be protected on a national level,” Alrich said. “Utilities still have to kick in their share but