HR 4298 and S 2158 Introduced – Grid Act

As I noted last week Rep. Waxman (D,CA) and Sen. Markey (D,MA) both introduced bills relating to the security of the electric grid. While the Senate bill has not yet been published by the GPO, I think that we can safely assume that HR 4298 and S 2158 are both entitled the Grid Reliability and Infrastructure Defense (GRID) Act and are, in fact, companion bills. Since only HR 4298 is currently available, all references to the bill will be based upon this version, but I don’t expect that there will be any differences in the two bills.

The bill amends Part II of the Federal Power Act (16 USC 824 et seq), adding Section 215A.

Definitions

Paragraph (a) of the bill adds a number of definitions to the FPA. They include:

• Defense critical electric infrastructure

• Defense critical electric infrastructure vulnerability

• Electromagnetic pulse

• Geomagnetic storm

• Grid security threat

• Grid security vulnerability

• Large transformer

• Protected information

The most critical of these definitions is the ‘defense critical electrical infrastructure’. It is defined as any infrastructure used for the generation, transmission, or distribution of electric energy that:

• Is not part of the bulk-power system; and

• Serves a facility designated by the President; but

• Is not owned or operated by the owner or operator of the designated facility.

Considering the wide spread discussion the attack on a California substation last year it is important to note that both the ‘grid security threat’ and ‘grid security vulnerability’ definitions specifically include direct physical attacks.

Emergency Response Measures

Paragraph (b) provides the Federal Energy Regulatory Commission (FERC) authority to issue emergency orders “to protect the reliability of the bulk-power system or of defense critical electric infrastructure” {§215A(b)(1)}. Emergency orders do not require advance notice, public hearings or reports as long as the President provides “(either directly or through the Secretary) a written directive or determination identifying an imminent grid security threat”.

When the President issues such a directive or determination, he is required to promptly notify Congress. That notification will include “the contents of, and justification for, such directive or determination” {§215A(b)(2)}.

As the situation permits FERC is required to consult with {§215A(b)(3) and (4)}:

• The appropriate governmental authorities in Canada and Mexico;

• The Secretary of Energy;

• Other appropriate Federal agencies;

• The Electric Reliability Organization;

• The affected regional entity; and

• The affected owner, user, or operator of the bulk-power system or of defense critical infrastructure within the United States.

FERC is required to issue an order discontinuing the emergency order within 30 days of the first of the following occurrences {§215A(b)(5)}:

• The President notifies FERC that the threat no longer exists;

• FERC determines that the emergency measures are no longer needed; or

• One year after the order was issued.

                                               

FERC may establish mechanisms for owners and operators to recover substantial costs related to compliance with the emergency order. The typical notice and opportunity for comment process will be used in establishing any such mechanism.

Measures to Address Grid Security Vulnerabilities

                                               

Section 215A(c) provides authority for FERC, when they determine that an existing grid security vulnerability is not adequately addressed through existing reliability standards, to “promulgate a rule or issue an order requiring implementation, by any owner, operator, or user of the bulk-power system in the United States, of measures to protect the bulkpower system against such vulnerability” {§215A(c)(1)}. The standard rulemaking process will be followed.

FERC is specifically required to issue a rule or order requiring bulk-power system owners, users, or operators to take “such measures as are necessary to protect the bulk-power system against the vulnerabilities identified in the June 21, 2007, communication to certain ‘Electricity Sector Owners and Operators’ from the North American Electric Reliability Corporation, acting in its capacity as the Electricity Sector Information and Analysis Center” {§215A(c)(2)}.

The bill would require that FERC approve reliability standards developed as a result of rules or orders that have been issued under provisions of this bill unless they determine that “such reliability standard does not adequately protect against such vulnerability or otherwise does not satisfy the requirements of section 215 [§824o]” {§215A(c)(3)}. Once such reliability standards are approved, FERC will rescind the rule or order that had been issued to address the vulnerability.

The bill would specifically require FERC to address the issue of large transformer availability. Within a year of the bill being adopted FERC would be required to go through the typical rulemaking process to issue an order requiring the Electric Reliability Organization (ERO), within an additional year, adopt reliability standards on the availability of large transformers. That standard would require owner/operators of large transformers to ensure “adequate availability of large transformers to promptly restore the reliable operation of the bulk-power system in the event that any such transformer is destroyed or disabled as a result of a reasonably foreseeable physical or other attack or geomagnetic storm event” {§215A(c)(4)}.

Critical Defense Facilities

Section 215A(d) requires the President to designate up to 100 Critical Defense Facilities within 180 days of the enactment of this legislation. Such facilities would be located in the United States and are determined to be {§215A(d)(1)}:

• Critical to the defense of the United States; and

• Vulnerable to a disruption of the supply of electric energy provided to such facility by an external provider.

Any time that FERC becomes aware of an unresolved defense critical electric infrastructure vulnerability they will, using typical rulemaking procedures, will promulgate a rule or issue an order requiring the owner/operator of the affected critical defense infrastructure to implement “measures to protect the defense critical electric infrastructure against such vulnerability” {§215A(d)(2)}.

Protection of Information

Section 215A(e) establishes a new class of protected information that is exempt from Freedom of Information Act disclosure or “State, local, or tribal law requiring disclosure of information or records” {§215A(e)(1)(B)}. FERC is required to establish regulations and issue orders as necessary to designate protected information and prohibit unauthorized disclosure of such information while facilitating “the appropriate sharing of protected information with, between, and by Federal, State, local, and tribal authorities, the Electric Reliability Organization, regional entities, and owners, operators, and users of the bulk-power system in the United States and of defense critical electric infrastructure” {§215A(e)(2)(B)}.

FERC is directed to minimize the amount of information designated protected information and require the segregation of protected and unprotected information to “facilitate disclosure of information that is not designated as protected information” {§215A(e)(4)}.

Provision of Assistance to Industry in Meeting Grid Security Protection Needs

Section 215A(g) requires the Secretary, in conjunction with other Federal agencies, to develop “technical expertise in the protection of systems for the generation, transmission, and distribution of electric energy against geomagnetic storms or malicious acts using electronic communications or electromagnetic pulse” {215A(g)(1)}.

That technical expertise will be shared with owners and operators of systems used for the generation, transmission or distribution of electric energy in the United States as well as with State commissions. Priority will be given to systems serving critical defense facilities and other critical infrastructure facilities identified by FERC.

Certain Federal Entities

Section 215A(h) exempts the Tennessee Valley Authority and the Bonneville Power Administration from orders and regulations under the Emergency Response Measures, §215A(b),  and Measures to Address Grid Security Vulnerabilities, §215A(c),  requirements of this legislation for a period of 11 years. The one exception to this exemption is measures addressing a malicious act using electronic communication”.