The Federal Energy Regulatory Commission (FERC) on Sept. 22 issued a Notice of Proposed Rulemaking (NOPR) to establish rules providing incentive-based rate treatment for utilities making certain voluntary cybersecurity investments.
In the Infrastructure Investment and Jobs Act of 2021, Congress directed FERC to revise its regulations to establish incentive-based rate treatments by encouraging utilities to invest in advanced cybersecurity technology and participate in cybersecurity threat information sharing programs.
Under the NOPR, cybersecurity expenditures would be eligible for an incentive including both expenses and capital investments associated with advanced cybersecurity technology and participation in a cybersecurity threat information sharing program.
Also, eligible cybersecurity expenditures would be voluntary and have to materially improve the utility’s cybersecurity posture. FERC proposes to establish a pre-qualified list of cybersecurity expenditures that are eligible for incentives that would be publicly maintained on FERC’s website.
The incentives would take two forms: a return on equity adder of 200 basis points, or deferred cost recovery that would enable the utility to defer expenses and include the unamortized portion in its rate base.
Approved incentives, with certain exceptions, would remain in effect for up to five years from the date on which the investments enter service or expenses are incurred.
At the same time, FERC terminated its earlier cybersecurity incentives NOPR (Docket No. RM21-3), which the American Public Power Association had opposed.
Comments on the NOPR are due 30 days after publication in the Federal Register. Reply comments are due 45 days after publication in the Federal Register.
The NOPR is available here.