In a final rule issued on June 16, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to make available to FERC staff certain databases developed by NERC that contain detailed, entity-specific information on transmission and generation assets as well as protection system misoperations.
FERC concluded that it needs access to the information in these databases to carry out its reliability responsibilities under section 215 of the Federal Power Act, including the identification of needed new or modified reliability standards and a better understanding of NERC’s periodic reliability and adequacy assessments. The only changes from FERC’s initial proposal were to limit FERC staff’s access to information about US facilities and to exclude any information voluntarily provided to NERC.
The three databases FERC staff will be able to access under the final rule are the following:
- Transmission Availability Data System (TADS), which includes highly detailed transmission outage data by entity
- Generating Availability Data System (GADS), which includes highly detailed information on plant availability, including information on events affecting power plants and the performance and design of those plants
- Protection system misoperations database, which collects information about each protection system misoperation, including the components at issue, the effects of each misoperation, and the cause of each misoperation
Although many commenters opposed FERC’s full and direct access to these databases, FERC overruled those concerns, explaining that such access is consistent with FERC’s role to oversee NERC and identify potential changes to the reliability standards. FERC also sidestepped concerns that this access would limit utilities’ willingness to voluntarily share information with NERC by limiting FERC staff’s access to only that information in the data that has been provided to NERC under a mandatory obligation. Because NERC’s databases cover entities outside the United States as well as domestic utilities, FERC also clarified that its access would be limited to data covering US facilities.
FERC acknowledged utilities’ concerns about the sensitivity of this information and the need to maintain it as confidential, but refused to address any of the confidentiality objections raised by the industry. Instead, FERC concluded that, on balance, the confidentiality and security risks presented by FERC’s access to this information were outweighed by FERC’s need for this data. FERC also rejected the proposal for NERC to “anonymize” the data before providing it to FERC staff on the grounds that removing any information that FERC could use to directly identify the utilities providing the data would undermine the usefulness of the data for FERC. However, FERC did stay the effectiveness of this final rule until it completes the rulemaking required by section 215A of the Federal Power Act, which provides new confidentiality protections for “critical electric infrastructure information.”
Despite some of the minor revisions that the final rule makes to FERC’s initial proposal, several concerns remain for utilities:
- FERC has acknowledged that it will be free to use the information in these databases for any statutory purpose, which will include compliance and enforcement activities. This suggests that FERC could use its access to these databases to identify utilities to investigate for noncompliance with mandatory reliability standards.
- The confidentiality concerns of the utilities have not been resolved. FERC has claimed that its pending confidentiality regulations under section 215A will provide enhanced protections, but has not concluded that the information in these databases would be protected under the new section 215A regulations.
- The concerns for how FERC staff’s access to these databases will satisfy the FERC regulations and NERC rules for the protection of this information have been disregarded. FERC did not address those concerns, and only noted that it “will work with NERC to address any technical, procedural, or confidentiality issues to ensure that Commission staff can promptly access the databases upon the Final Rule becoming effective.”
The final rule adds a new subsection (c) to 18 C.F.R. § 39.11 to require NERC to provide FERC staff access to these databases.