On March 24, 2010, the House Energy and Environment Subcommittee unanimously voted to forward the Grid Reliability and Infrastructure Defense (“GRID”) Act to full committee without any amendments. The bipartisan bill would amend the Federal Power Act to give the Federal Energy Regulatory Commission (“FERC” or the “Commission”) authority to issue emergency orders for utilities to take protective action when the president declares a grid security “threat.” The legislation also would direct FERC to address system vulnerabilities to cyber and electromagnetic attacks.
The legislation is the revised version of H.R. 2165, a 2009 bill sponsored by Representative John Barrow (D-GA), subcommittee Chairman Ed Markey (D-MA), and committee Chairman Henry Waxman (D-CA).
The day before the subcommittee voted on the GRID Act, FERC Chairman Jon Wellinghoff testified before the subcommittee about the serious nature of potential cyber attacks on the grid. He told the subcommittee that the bill would give the Commission the necessary authority to address both system vulnerability and cyber attacks.
Under the bill, the President could declare a threat if there is a substantial likelihood of a cyber attack, electromagnetic weapon attack, geomagnetic storm, or direct physical attack on the bulk power infrastructure. The President’s emergency order would terminate under three circumstances: when the president deems a threat to no longer exist, when FERC determines the emergency measures are no longer needed, or if one year lapses from the date of the emergency order. The President would be able to extend the emergency order if the threat continues beyond one year.
In addition to providing authority to address immediate threats, the GRID Act would also give FERC authority to mandate measures to protect against system “vulnerabilities” if it finds that the North American Electricity Reliability Corp. (“NERC”) standards are insufficient. FERC could coordinate with the Department of Energy (“DOE”) and agencies in Canada and Mexico to develop such reliability rules. However, if NERC subsequently issues new standards addressing the vulnerabilities, FERC must rescind its corresponding standards.
The law also directs NERC to create a large transformer standard allowing utilities to comply either individually or jointly. Large transformers can take up to two years to construct, so allowing entities to sell each other spare transformers in the event of an attack should ensure that utilities have adequate supplies of large transformers to replace any destroyed in a physical or cyber attack.
Finally, the bill directs FERC to review the security of electricity infrastructure on military bases. Under the bill, the President would designate up to one hundred domestic facilities that are critical to U.S. defense. FERC must then coordinate with the DOE to review the security of the interconnecting facilities. If FERC identifies vulnerabilities in those facilities, it could order protective measures in order to protect the facility.
A copy of the committee print of the Grid Act is available here.