This post was also written by Amy Mushahwar.
The Federal Energy Regulatory Commission (FERC) issued an order on July 20, 2012 to investigate whether any Authorized Certification Authorities (ACAs) had violated the North American Energy Standards Board (NAESB) Public Key Infrastructure (PKI) Standards, which outline various security requirements and specifications for the electric grid.[1] The Order requires all ACAs (there are currently four) to submit a report to the Commission by July 27 explaining the processes and procedures each ACA uses to validate the identity of individuals requesting digital certificates, and the key lifetimes used for various certificates. There has been great debate about the appropriate lifespan of a digital certificate, one that would balance the cyber security needs of the grid against the amount of disruption imposed on businesses.

In response to these concerns, Senator Joseph Lieberman (I-CT) submitted The Cybersecurity Act of 2012, a compromise bill with bipartisan sponsorship and the support of President Obama. On July 25, Senate Majority Leader Harry Reid (D-NV) invoked cloture to schedule a floor vote on the Cybersecurity Act prior to the Senate’s August recess. That vote will determine whether the Act will eventually be negotiated in a Conference Committee with members of the House of Representatives, which could ultimately lead to a bill passed by both Houses. Any new cyber security legislation that Congress passes could have a profound effect on the way the electric grid and other public-private critical infrastructure are secured.
[1] Reporting on North American Energy Standards Board Public Key Infrastructure Standards, 140 FERC (2012).
Research and drafting assistance for this post was provided by Reed Smith Legal Intern Rachael E. Pashkevich.