By Elizabeth K. Nevitt and Lori Pickford
House Energy and Commerce Committee Ranking Member Henry Waxman (D-CA) and Rep. Ed Markey (D-MA), sent a Jan. 17 letter to a number of private power companies, co-ops and public power utilities requesting information on their efforts to protect assets from cyber or physical attack or geomagnetic storms. Last fall, Senate Commerce Committee Chair John Rockefeller (D-WV) sent a similar cyber security inquiry to all Fortune 500 companies after the Senate failed for a second time to bring the comprehensive Lieberman-Collins cyber security bill to a vote.
The Waxman-Markey letter is more focused on the electric industry, and asks questions related to:
• Whether – or why not – companies are implementing the September 2010 recommendations by the North American Electric Reliability Corporation (NERC) in response to the Aurora malware threat and March 2010 NERC recommendations to address an FBI warning about ability for cyber intruders to remotely gain access to utility assets and how the companies responded to any grid reliability notices by NERC over the last five years;
• Steps taken to address risks from cyber vulnerabilities from malware;
• Whether the companies utilize hiring practices to assess whether employees pose insider threats, and whether there are any job duties not permitted to be conducted by foreign nationals;
• The amount of large transformers utilized by the utility and whether any other entities have competing claims to them in the event of a cyber attack or disaster;
• The number and nature of any cyber attacks on the entity and whether they were reported to NERC, FERC, the Department of Homeland Security (DHS) or other authorities;
• Steps taken to protect against geomagnetic storms;
• How many employees in the last five years have been primarily focused on cyber security and the titles of those employees;
• Whether the entities have identified all of their critical assets based on the "bright line" criteria as part of the Version 4 CIP standards, and whether the current FERC CIP standards are adequate; and
• Whether each company conducts exercises to assess its ability to respond to cyber attacks, as well as descriptions of the simulations.
The electric sector cyber security coalition met Jan 25. to discuss both a response to the Markey-Waxman letter and a Feb. 6 planned briefing of House Energy and Commerce Committee staff and Members’ staff. APPA will soon provide to members a draft of the response it proposes to send to Markey and Waxman, giving an overview of the many actions the electric sector is taking to address cyber security threats. NEPPA members are encouraged to inform APPA if they have received a letter such letter from Rep. Waxman and Markey.
To read the complete legislative update including the following topics, click the links below:
Congressional Focus; Energy Back in Focus
Fiscal Cliff Avoided; More Battles Loom as 113th Congress Begins
House Passes Debt Ceiling "Suspension"
Obama Addresses Climate in Second Inaugural Address
New Climate Bill with Fees on Greenhouse Gas Emitters
Senate Leaders Reach Filibuster Deal
Markey, Wyden, Others Weigh in on LNG Exports