The Senate is considering bipartisan legislation to boost the defenses of the nation’s power grid against cybersecurity threats. The bill—the Protecting Resources on the Electric Grid with Cybersecurity Technology Act, or PROTECT Act of 2019—would require the Federal Energy Regulatory Commission (FERC) to study how to encourage (1) public utility investment in advanced cybersecurity technology and (2) participation by utilities in cybersecurity threat information sharing programs. FERC would then issue a rule implementing new incentive rate treatments to carry out those objectives within a year of the study’s completion.

Similar to the current FERC program for encouraging investment in transmission infrastructure, which FERC initiated in Order No. 679, public utilities would apply to recover the costs and incentives associated with qualifying cybersecurity investments over the depreciable life of the assets. Utilities would be permitted to apply for the incentive-based rate treatment on a “single-issue” basis, meaning other aspects of the utilities’ rates would be off limits in any such proceeding. The bill also contemplates a grant and technical assistance program, administered by the Department of Energy, to encourage similar investments among nonjurisdictional utilities, namely rural electric cooperatives and municipal utilities.

While the prospects for this bill seem encouraging, the rollout of any new policies will take months, if not years, under the best-case scenario. FERC would have 180 days to study the issue, followed by another year from the study’s completion to issue a new rule adopting the incentive rate treatment. Public utilities would then have to file individual applications with FERC seeking the desired incentive rate treatment.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.