Oct 6 -- The Federal Energy Regulatory Commission (Commission) proposes to revise its regulations to provide incentive-based rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for the purpose of benefitting consumers by encouraging investments by utilities in advanced cybersecurity technology and participation by utilities in cybersecurity threat information sharing programs, as directed by the Infrastructure Investment and Jobs Act of 2021 (Infrastructure and Jobs Act). This notice of proposed rulemaking (NOPR) also terminates the NOPR proceeding in Docket No. RM21-3-000 (December 2020 Cybersecurity Incentives NOPR).
As of October 6, 2022, the proposed rule published at 86 FR 8309 on February 5, 2021, is withdrawn. Comments on this proposed rule are due November 7, 2022, and reply comments are due November 21, 2022.
1. In this NOPR, the Commission proposes under section 219A of the Federal Power Act (FPA) to establish rules for incentive-based rate treatments for certain voluntary cybersecurity investments by utilities.
These rules would make incentives available to utilities that make certain cybersecurity expenditures that enhance their security posture by improving their ability to protect against, detect, respond to, or recover from a cybersecurity threat and to utilities that participate in cybersecurity threat information sharing programs to the benefit of ratepayers and national security.
2. First, we propose a regulatory framework on how a utility could qualify for incentives for eligible cybersecurity expenditures. Under this framework, we propose that eligible cybersecurity expenditures must: (1) materially improve cybersecurity through either an investment in advanced cybersecurity technology or participation in a cybersecurity threat information sharing program; and (2) not already be mandated by Critical Infrastructure Protection (CIP) Reliability Standards, or local, state, or Federal law. A utility would seek an incentive in a filing pursuant to FPA section 205 and the incentive would be effective no earlier than the date of the Commission order approving the incentive request.
3. We propose to evaluate cybersecurity investments using a list of pre-qualified expenditures that are eligible for incentives determined by the Commission and publicly maintained on the Commission's website (PQ List). With the Commission having evaluated expenditures to include on the PQ List in advance, we believe that the PQ List approach would provide an efficient and transparent mechanism for determining appropriate cybersecurity expenditures that are eligible for incentives. We propose that any cybersecurity expenditure that is on the PQ List would be entitled to a rebuttable presumption of eligibility for an incentive. We also discuss and seek comment on a potential alternative approach, whereby a utility's cybersecurity expenditure would be evaluated on a case-by-case basis to determine if it is eligible for an incentive.
4. Second, we propose two options for the type of incentive a utility could receive for an eligible cybersecurity expenditure: (1) a return on equity (ROE) adder of 200 basis points; or (2) deferred cost recovery for certain cybersecurity expenditures that enables the utility to defer expenses and include the unamortized portion in rate base.
5. Third, we propose that any approved incentive(s) will remain in effect for five years from the date on which the cybersecurity investment(s) enters service or expenses are incurred, or expire earlier if other conditions discussed in this NOPR are met before the end of that five year period. We seek comment on the proposed duration and expiration conditions for incentives granted under this proposal.
6. Finally, we propose that a utility that has received a cybersecurity incentive under this section must make an annual informational filing on June 1, as further discussed herein. The annual filing should detail the specific investments that were made pursuant to the Commission's approval and the corresponding FERC account used.
FRN:
https://www.federalregister.gov/d/2022-21003 [14 pages]
