FERC today issued a Notice of Proposed Rulemaking (NOPR) to establish rules providing incentive-based rate treatment for utilities making certain voluntary cybersecurity investments.
In the Infrastructure Investment and Jobs Act of 2021, Congress directed FERC to revise its regulations to establish incentive-based rate treatments by encouraging utilities to invest in advanced cybersecurity technology and participate in cybersecurity threat information sharing programs.
Under today’s NOPR:
- Cybersecurity expenditures would be eligible for an incentive including both expenses and capital investments associated with advanced cybersecurity technology and participation in a cybersecurity threat information sharing program.
- Eligible cybersecurity expenditures would be voluntary and have to materially improve the utility’s cybersecurity posture. FERC proposes to establish a pre-qualified (PQ) list of cybersecurity expenditures that are eligible for incentives that would be publicly maintained on the FERC.gov website.
- The incentives would take two forms: a return on equity adder of 200 basis points, or deferred cost recovery that would enable the utility to defer expenses and include the unamortized portion in its rate base.
- Approved incentives, with certain exceptions, would remain in effect for up to five years from the date on which the investments enter service or expenses are incurred.
Comments on today’s NOPR are due 30 days after publication in the Federal Register. Reply comments are due 45 days after publication in the Federal Register. Today’s NOPR supersedes the December 2020 cybersecurity incentives NOPR; that proceeding, RM21-3, has been terminated.