Debate heats up over cybersecurity regulations for electric utilities

Representatives from the electrical industry sharply criticized on Tuesday a proposal in the House to extend federal regulation to include local power plants in major cities to protect them and the national power grid from cyberattacks. Under the 1935 Federal Power Act, the Federal Energy Regulatory Commission enforces security standards for most of the nation's power plants, including facilities and control networks -- known as bulk power systems -- that connect power systems. But the commission does not have regulatory jurisdiction over electrical systems outside the continental United States and to local distribution facilities, which include some in large cities such as New York and Washington. These systems are connected to the bulk power system through computer networks. "How can we possibly limit the authority to the bulk power system only when [computer networks] are all interconnected?" asked House Subcommittee on Energy and the Environment Chairman Ed markey (D-MA). Lack of federal authority to enforce standards industrywide opens the system to cyberattacks, Chairman Markey argues, because an attacker could target an individual power plant, which could cause outages across broader regions of the electric grid. "We have to close that regulatory black hole" between the federal authority and [North American Electric Reliability Corp.'s] jurisdiction, Rep Markey said.