State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to selfregulate, and another approach...
The Rush to Reliability
FERC races to impose NERC’s new rules, raising howls of protest in the process.
that will owe compliance to the new regime.
Yielding to Expertise
The NOPR has proven particularly awkward for FERC since in many ways the commission remains a bystander to the process: powerless to make things happen, yet still liable for failure, especially in the eyes of Congress.
EPACT sec. 1211 (Federal Power Act sec. 215) instructs FERC in approving reliability to standards to give “due weight” to NERC’s “technical expertise” as the nation’s one and only federally certified Electric Reliability Organization, or ERO. The law gives primacy to the commission to judge whether a particular standard will interfere with electric competition, but otherwise, it envisions that standards will be developed, drafted, and vetted exclusively through NERC’s proprietary stakeholder process. Thus, FERC’s job lies only in deciding whether a particular standard is just and reasonable. That evaluation is governed in turn by FERC Order 672, which sets out a list of general factors that the commission may consider. A standard need not be optimal or represent the “best practice,” as long as it achieves its reliability goal effectively and efficiently. (See, Order 672, ¶¶323-331, Docket RM05-30, Feb. 3, 2006, 114 FERC ¶61,104.)
That means that if FERC finds shortcomings in a standard proposed by NERC, or wants to see it improved, it cannot just fashion a fix, or tell NERC what language to insert to correct the problem. Rather, as NERC itself has explained, the commission must state its directive “in the form of an objective to be achieved,” or as a “concern or deficiency to be resolved.” As NERC adds, the commission must “not prescribe a particular requirement, metric or specific language.”
For the commission to do so, NERC adds, “would, in effect, constitute setting the standard and would countermand the open standards process that the commission has approved and that is required by law.” (See, Comments of NERC, Docket No. RM06-16, p. 24, filed Jan. 3, 2007.)
To add insult to injury, NERC has sought to assist FERC by first identifying various commission directives in the NOPR that violate these guidelines, and then offering alternative preferred language .
Thus, where FERC instructs NERC to improve Requirement 3.1 in its disturbance control performance standard (BAL-002-0) so as to “include enough contingency reserve to cover any single event or single contingency, including a transmission outage,” NERC sees an improper instruction, and reprimands the commission, as follows:
“An improved directive would be: The commission directs NERC to resolve the ambiguity noted by the Staff Assessment [May 11, 2006] that Requirement 3.1 could be subject to multiple interpretations, one limited to only the loss of generation, whereas another interpretation would also consider … [etc.].”
And again, from the NOPR: “The commission proposes to direct NERC to modify BAL-002-0 to include a requirement that explicitly allows demand-side management as a resource for contingency reserves.”
Whereas NERC offers the following “improved” directive:
“To allow DSM or DCLM to be a resource for contingency reserves on a comparable basis as conventional generation or any other technology.”
Consider also that many proposed NERC standards contain ambiguous terms (“where practical,”