On September 17, 2020, FERC issued a Notice of Inquiry (“NOI”) seeking comments on strategies to mitigate any potential risks to the bulk electric system posed by telecommunications equipment and services produced or provided by entities identified as risks to national security. Huawei Technologies Company (“Huawei”) and ZTE Corporation (“ZTE”) have been identified as examples of such entities because they provide communication systems and other equipment and services that are critical to bulk electric system reliability.
As part of FERC’s role in approving Critical Infrastructure Protection (“CIP”) Reliability Standards submitted by the North American Electric Reliability Corporation (“NERC”) for the bulk electric system, FERC approved its first set of supply chain risk management Reliability Standards in 2018. As FERC explained in the NOI, since that time, various executive actions, legislation, as well as federal agency initiatives have raised concerns over the potential national security risks posed by equipment and services provided by entities like Huawei and ZTE. For example, President Trump issued two Executive Orders in May 2019 and 2020 regarding bulk power system security threats (see, e.g. May 5, 2020 edition of the WER), and these concerns were also the subject of Congressional amendments to the National Defense Authorization Acts, two Federal Communication Commission Orders, and a Department of Defense report. In addition, a bipartisan group of U.S. Senators also asked FERC to seriously evaluate and address the threat posed to the nation’s energy infrastructure by the use of equipment manufactured by Huawei (see December 18, 2019 edition of the WER).
FERC’s NOI responds to these concerns by seeking comments on the following topics: 1) the extent to which equipment and services provided by entities that have been identified as risks to national security are used in the operation of the bulk electric system; 2) the risks to bulk electric system reliability and security posed by the use of such equipment and services; 3) whether the current CIP Reliability Standards adequately mitigate identified risks to bulk electric system operations; 4) what mandatory actions FERC could consider taking to mitigate risks; 5) strategies that entitles have implemented or plan to implement to mitigate risks; and 6) other methods FERC could employ to work collaboratively with the industry to raise awareness about risks and mitigating actions. The NOI provides additional questions to consider under each topic, but notes that commenters need not address every topic or answer every question provided.
Comments are due 60 days after the date of publication in the Federal Register.
Reply Comments are due 90 days after the date of publication in the Federal Register.
A copy of the NOI is available here.