Comments on Consumer-Funded Incentives for Cybersecurity Investments By Utilities

By Tyson Slocum

Public Citizen today provided comments in Federal Energy Regulatory Commission Docket No. RM21-3 on the Commission’s proposal to allow utilities to tap into very lucrative financial incentives – paid by ratepayers – to fund cybersecurity investments that exceed minimum federal mandates. As an organization dedicated to advocacy on behalf of households, Public Citizen fully appreciates that consumers can benefit from investments in cybersecurity protections, and we encourage utilities to make outlays that go above and beyond federal minimum requirements. But as cybersecurity challenges and corresponding investment needs quickly mount, it is unjust and unreasonable to expect consumers to bear all of the responsibility of looming cybersecurity defense needs. Shared financial responsibility among shareholders and owners of utility infrastructure, federal and sub-federal governments, and consumers is necessary to ensure equitable investments for needed cybersecurity enhancements.

Utilities can rely on existing cost-of-service rate treatment to fund voluntary cybersecurity investments and do not require incentives such as ROE adders or deferred cost recovery. Preventing cybersecurity attacks is a shared financial responsibility among utilities, consumers and the government, and therefore consumers should not be responsible for shouldering all of the investment burden. FERC should improve minimum cybersecurity standards rather than rely on incentive rate treatment for voluntary investments. The development and enforcement of cybersecurity standards by NERC will be enhanced by implementing governance reforms at NERC, including placing a bona fide consumer advocate on the Board of Trustees.

Read the full filing here: Cybersecurity Incentives