The Federal Energy Regulatory Commission (“Commission” or “FERC”) issued a Notice of Proposed Rulemaking (“NOPR”) and Notice Terminating Proceeding on September 22, 2022 in the above-captioned docket (the “Proposed Rule”) to “establish rules for incentive-based rate treatments for certain voluntary cybersecurity investments by utilities.” The Proposed Rule also terminates the NOPR proceeding in Docket No. RM21-3-000 (December 2020 Cybersecurity Incentives NOPR). The Interstate Natural Gas Association of America (“INGAA”) respectfully submits these comments pursuant to the comment procedures set forth in the Proposed Rule.
As directed by the Infrastructure and Jobs Act (“IJA”), FERC proposes, under section 219A of the Federal Power Act, to incent electric utilities to make certain voluntary expenditures, that can either be capitalized costs or expenses, that materially enhance their security posture and to participate in cybersecurity threat information sharing programs. The Commission proposes a framework for (1) evaluating whether certain cybersecurity investments qualify for an incentive, including eligibility criteria to determine whether an investment is eligible for an incentive and use of a pre-qualified list (the “PQ List”) to identify the types of expenditures eligible for an incentive, (2) the type of incentive a utility could receive for an eligible cybersecurity expenditure, and (3) the duration and expiration conditions for incentives.