The Federal Energy Regulatory Commission (FERC) has created an Office of Energy Infrastructure Security (OEIS). According to FERC, the new office will concentrate in four areas:

  • developing recommendations for identifying, communicating, and mitigating potential cyber and physical security threats and vulnerabilities to FERC-jurisdictional energy facilities using the Commission’s existing statutory authority;
  • providing assistance, expertise, and advice to other federal and state agencies, jurisdictional utilities, and Congress in identifying, communicating, and mitigating potential cyber and physical threats and vulnerabilities to FERC-jurisdictional energy facilities;
  • participating in interagency and intelligence-related coordination and collaboration efforts with appropriate federal and state agencies and industry representatives on cyber and physical security matters related to FERC-jurisdictional energy facilities including, but not limited to, participating in conferences, workshops, and classified briefings; and
  • conducting outreach with private sector owners, users, and operators of energy delivery systems regarding identification, communication and mitigation of cyber and physical threats to FERC-jurisdictional energy facilities.

In announcing the new OEIS on September 20, 2012, FERC Chairman Jon Wellinghoff said, “Because of the widespread effects and serious consequences that a successful cyber or physical security event may bring, it is important that swift, consistent, and effective action be taken by entities to prevent such attacks.”

According to Tim Tobin, a partner in Hogan Lovells’ Privacy and Information Management practice, “FERC’s action coincides with increasing attention on cybersecurity issues from all quarters, including signals from the White House that it may soon sign an Executive Order to protect the nation’s critical computer infrastructure in the wake of Congress’ failure to enact cybersecurity legislation this summer.”