Chairman James Danly Statement
December 17, 2020
Docket No. RM21-3-000
NOPR
Threats to the cybersecurity of the bulk power system are numerous and growing. Ensuring that the system is adequately protected against those threats is an issue of national importance and one that must remain a priority of this Commission. Accordingly, we support this notice of proposed rulemaking (NOPR) as a means for soliciting further comments on whether this particular incentives-based approach is a just and reasonable and not unduly discriminatory or preferential approach to improving public utilities’ cybersecurity posture.
We write separately to highlight two general issues that we believe require additional attention. The first issue is whether the Commission can better address cybersecurity threats by directing NERC to expand its critical infrastructure protection (CIP) standards to require some or all of the investments contemplated in this NOPR. Although we appreciate the appeal of an incentives-based approach, the importance of cybersecurity demands us to at least consider whether we should mandate the best practices contemplated in this NOPR rather than simply trying to induce public utilities to adopt them.
The second issue goes to the heart of what the NOPR intends to achieve—whether public utilities are not adopting the contemplated measures because the existing financial incentives are insufficient. We encourage commenters to address whether—and, if so, why—additional measures, such as an elevated ROE or deferred cost recovery, are necessary to incentivize public utilities to adopt additional cybersecurity measures.