Monday, January 11, 2016

CRS Insight - Electric Grid Physical Security: Recent Legislation (US)

(Another Hat Tip to our friends at the Federation of American Scientists for posting this CRS document!)

Last week a two-page summary of recent US government legislation focused on electric grid physical security was prepared by Paul W. Parfomak of the Congressional Research Service (CRS).

The document is a quick read. Besides summarizing the Federal Energy Regulatory Commission (FERC)) / North American Electric Reliability corporation (NERC) efforts on the CIP-014, Physical Security Reliability Standard, the document summarizes some interesting electric grid physical security elements in the Fixing America's Surface Transportation (FAST) Act - P.L. 114-94 and the Energy Policy Modernization Act of 2015 - S. 2012.

Fixing America's Surface Transportation (FAST) Act - P.L. 114-94
  • Became law on December 4, 2015
  • Contains provisions in two sections to facilitate recovery during electric grid emergencies due to physical damage and other causes.
  • Critical Electric Infrastructure Security (§1104) -- This section provides the Secretary of Energy additional authority to order emergency measures to protect or restore the reliability of critical electric infrastructure or defense critical electric infrastructure during a grid security emergency.  The identification of such a grid emergency would be made by written notice from the President with a concurrent notification from Congress.  This section also allows a) grid owners to recover prudent costs incurred under such emergency measures through rates regulated by FERC, and b) increases protection of critical electrical infrastructure information.
  • Strategic Transformer Reserve (§1105) -- This section requires the Secretary of Energy -- in consultation with other agencies, the military, and the utility industry -- to submit to Congress within one year a plan for a Strategic Transformer Reserve.
  • Includes two sections primarily directed at electric grid cybersecurity but with potential impacts on physical asset protection or recovery.
  • Cybersecurity Threats (§2001) -- Would provide the Secretary of Energy additional authority to order emergency measures to avert or mitigate a cybersecurity threat upon receiving notice from the President that such a threat exists.  This section is also intended to increase protection of critical electrical infrastructure information.
  • Cybersecurity Threats (§2002) -- This section would designate the Department of Energy (DOE) as the lead Sector-Specific Agency under Presidential Policy Directive 21 for energy sector cybersecurity.  This bill would require a) DOE to develop a program for modeling and assessing energy infrastructure risks in the face of natural and human-made (physical and cyber) threats, b) DOE to explore alternative structures and funding mechanisms to expand industry participation in the Electricity Information Sharing and Analysis Center (E-ISAC).

Thanks again to Mr. Parfomak for this CRS Insight.