Federal energy regulator creates cyber/EMP security office

In the face of mounting electronic assaults on critical U.S. infrastructure targets, the Federal Energy Regulatory Commission (FERC) unveiled a new office on Sept. 20 that it hopes will help combat potential Cyber and physical attacks on the U.S. electric grid.

FERC Chairman Jon Wellinghoff announced the creation of the Office of Energy Infrastructure Security (OEIS) which FERC said would provide leadership, expertise and assistance to identify, communicate and find comprehensive solutions to potential risks to FERC-jurisdictional facilities from cyber attacks and physical threats, including electromagnetic pulses (EMP).

“Creating this office allows FERC to leverage its existing resources with those of other government agencies and private industry in a coordinated, focused manner,” Wellinghoff said. “Effective mitigation of cyber and other physical attacks requires rapid interactions among regulators, industry and federal and state agencies.”

The new FERC office, said Wellinghoff, will focus on a number of activities aimed at protecting energy facilities under its jurisdiction. It will develop recommendations for identifying, communicating and mitigating potential cyber and physical security threats and vulnerabilities to energy using FERC’s existing statutory authority.

Some lawmakers welcomed the new office, but said more could be done to protect the nation’s power infrastructure. “I applaud FERC for this important step to provide expertise and resources to directly address cyber-threats and attacks facing our nation, but we can do more,” said Rep. Ed Markey (D-MA). “The electric grid’s vulnerability to attack is one of the single greatest threats to our national security,” he said. Markey, said however, that a bill he sponsored in the last congress, called The GRID Act, would give FERC the authority to quickly issue grid security orders or rules if vulnerabilities or threats have not been adequately addressed by industry. The bill stalled, however.

 “All five FERC commissioners agreed that giving FERC this authority would increase America’s ability to secure our electric grid. It is imperative House Republicans stop their obstruction and join Democrats to pass the GRID ACT so that we can move empower FERC to gird the electric grid from cyber attacks that could devastate our banking, health care, and defense systems.”

FERC’s new OEIS, said Wellinghoff will provide assistance, expertise and advice to other federal and state agencies, jurisdictional utilities and Congress in identifying, communicating and mitigating potential cyber and physical threats and vulnerabilities to energy facilities.

The new office will also participate in interagency and intelligence-related coordination and collaboration efforts, like workshops, classified briefings and conferences with federal and state agencies, as well as industry representatives on cyber and physical security matters.

It will conduct outreach efforts with private sector owners, users and operators of energy delivery systems regarding identification, communication and mitigation of cyber and physical threats to energy facilities.

FERC will continue its oversight of the reliability of the nation’s bulk power system, working closely with the North American Electric Reliability Corporation (NERC), the national electric reliability organization certified by FERC, through the reorganization.

According to FERC, the newly-inaugurated OEIS will be led by Joseph McClelland, who has been Director of the Office of Electric Reliability since its formation in 2006. The Office of Electric Reliability will be led by Ted Franks, who will serve as Acting Director.