On March 2, 2023, the Biden administration unveiled a new National Cybersecurity Strategy that includes various initiatives to protect U.S. energy infrastructure from attacks. The White House strategy comes on the heels of several high-profile attacks on U.S. substations and at a time when federal regulators have placed increased focus on the security of the U.S. energy grid.
A series of threats to the U.S. power grid have elevated physical grid security as a key concern for federal energy regulators. On December 15, 2022, the Federal Energy Regulatory Commission (FERC) ordered the North American Electric Reliability Corporation (NERC) to reassess its existing security rules in light of recent grid attacks.
On September 22, 2022, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) regarding Incentives for Advanced Cybersecurity Investment, requesting comment on proposed revisions to regulations implementing the Federal Power Act (FPA). The revisions would provide incentive-based rate treatments for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for certain voluntary cybersecurity investments. The NOPR was issued in response to a Congressional mandate set forth in the Infrastructure Investment and Jobs Act of 2021, which directed FERC to establish cybersecurity incentives that would encourage investments by utilities in advanced cybersecurity technology and participation in cybersecurity threat information sharing programs. This NOPR replaces a prior cybersecurity incentives NOPR from December 2020.