Federal Energy Regulatory Commission Directs North American Electric Reliability Corporation to Update Cybersecurity Standards
On January 19, 2023, the U.S. Federal Energy Regulatory Commission (FERC) issued a final rule (RM22-3) (the Rule) directing the North American Electric Reliability Corporation (NERC) to develop and submit for approval reliability standards that require internal network security monitoring (INSM) within a trusted Critical Infrastructure Protection (CIP) networked environment for all high-impact bulk electric system (BES) cyber systems and medium-impact BES cyber systems with external routable connectivity. FERC also directed NERC to study all low-impact BES cyber systems and medium-impact BES cyber systems without external routable connectivity (Other BES). NERC has 15 months to submit its proposed reliability standards for approval and 12 months to submit a report on its study of the Other BES.
U.S. FERC Proposes Revisions to Cybersecurity Incentives for Utilities
On September 22, 2022, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) regarding Incentives for Advanced Cybersecurity Investment, requesting comment on proposed revisions to regulations implementing the Federal Power Act (FPA). The revisions would provide incentive-based rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for certain voluntary cybersecurity investments. The NOPR was issued in response to a Congressional mandate set forth in the Infrastructure Investment and Jobs Act of 2021, which directed FERC to establish cybersecurity incentives that would encourage investments by utilities in advanced cybersecurity technology and participation in cybersecurity threat information sharing programs. This NOPR replaces a prior cybersecurity incentives NOPR from December 2020.
SEC Proposes Far-Reaching Rules for “Enhancement and Standardization” of Climate-Related Disclosures
On March 21, 2022, the SEC issued proposed rules that would require public companies to include extensive climate-related information in their registration statements and periodic reports. The proposed rules would require disclosure concerning climate-related risks and impacts, oversight and governance of climate-related risks, climate-related financial statement metrics, climate-related goals, and greenhouse gas emissions. (more…)