The office will let FERC set best practices and communicate with private-sector firms about cyber vulnerabilities through “existing statutory authority,” the regulator said in a Thursday statement. Joseph McClelland will leave his post as director of electric reliability to head the new division.
While FERC Chairman Jon Wellinghoff said forming the new Office of Energy Infrastructure Security is unrelated to developments on Capitol Hill and in the White House, he has consistently lobbied Congress to give a federal agency more enforcement and monitoring power on the electric grid.
"The new office will undertake these activities using the Commission’s existing statutory authority," Craig Cano, a FERC spokesman, told The Hill on Thursday. "There is no change in the position expressed by Commission officials in congressional testimony that current limitations in Federal authority may not fully protect the grid against cyber and physical threats."
But that authority might not come from Congress any time soon. The Senate has stalled on cybersecurity legislation, with a deal looking unlikely this session.
However, the White House is circulating a draft executive order on cybersecurity. That order would create a voluntary program in which companies on critical infrastructure networks — such as the electric grid — meet government-set best practices and standards.
Critical infrastructure networks have been one of the main holdups in the Senate, as Republicans and Democrats are split on how to treat them.
Republicans say even voluntary standards might lead to regulations, which they are against. Instead, they prefer enhancing legal protections for private firms communicating vulnerabilities on their systems to the federal government.
Democrats say that enhanced information-sharing would not defend the critical infrastructure networks against sophisticated cyber attacks.
Rep. Edward Markey (D-Mass.), who has sponsored legislation that would give FERC more power to act on cyber threats, praised FERC’s new division.
“I applaud FERC for this important step to provide expertise and resources to directly address cyber threats and attacks facing our nation, but we can do more,” Markey said in a Thursday statement. “The electric grid’s vulnerability to attack is one of the single greatest threats to our national security.”
Still, the powers in FERC’s new office will not affect most electric utilities. Distribution-level utilities, which deliver power to homes, account for 97 percent of the nation’s power lines but are outside of FERC’s jurisdiction.