Two new laws that may have escaped attention by the industry have the potential to dramatically change the grid security landscape
Joel deJesus has been practicing energy law for over 25 years, and was NERC’s Director of Compliance Enforcement. He is currently a partner at Dinsmore & Shohl, LLP, where he regularly advises clients on electric reliability matters, particularly in the areas of cyber- and physical security.
On the cybersecurity front, the industry is gearing up for the much anticipated Version 5 of the cybersecurity reliability standards that were first proposed by the North American Electric Reliability Corporation (NERC) and approved by the Federal Energy Regulatory Commission (FERC) in 2013. The standards become effective in April 2016. The industry is also now writing physical security plans for its most critical transmission substations under a physical security reliability standard that went into effect last October.
While the NERC cybersecurity and physical security reliability standards have been in the making for a few years, two new laws enacted at the end of 2015 have the potential to dramatically change the grid security landscape. Since both laws were enacted as part of much broader year-end legislation that was not directly focused on the electric industry or energy, the statutes may have escaped attention by the industry. Nevertheless, they demand more consideration as we head into the new year.
Cybersecurity Act of 2015
The more recent of the two laws is the aptly named Cybersecurity Act of 2015. It was enacted on December 18 as part of the "Consolidated Appropriations Act, 2016."