The Federal Energy Regulatory Commission (FERC) has proposed to amend its regulations to establish rules that would provide incentives to electric companies and other public utilities for making cybersecurity investments that go beyond the requirements of the Critical Infrastructure Protection Reliability Standards.
The proposed rule published Friday in Federal Register would allow public utilities to seek an increase in the rate of return on equity and apply for “deferred cost recovery” for their cybersecurity-related investments.
The deferred cost recovery would apply for three types of expenses: spending related to third-party provision of software, hardware and computing networking services; spending on training to implement cyber improvements; and risk assessments and other implementation expenses by third parties.
“In all such cases, eligible costs would be limited to costs associated with implementing cybersecurity upgrades and would not include ongoing costs including system maintenance, surveillance, and other labor costs, either in the form of employee salaries or third-party service contracts,” FERC said in the notice.
The commission will accept comments on the proposed rule through April 6th.