New York PSC Opens Proceeding On ESCO Cyber Security Issues, Liability Insurance
June 15, 2018 Email This Story Copyright 2010-17 EnergyChoiceMatters.com
Reporting by Karen Abbott • kabbott (at) energychoicematters.com
The following story is brought free of charge to readers byEC Infosystems, the exclusive EDI provider of EnergyChoiceMatters.com
The New York PSC commenced a proceeding to address cyber security protections concerning ESCO and utility data exchanges
The PSC in an order said that, "In the discussions that are being held among the Joint Utilities, Department Staff, and energy services entities, all parties agreed with the need for appropriate cyber security protections. The Joint Utilities are currently pursuing these business-to-business discussions pursuant to the Uniform Business Practices approved by the Commission in Case 98-M-1343. In those discussions, the Joint Utilities have requested that all energy services entities complete a Self-Attestation of Information Security Controls by the end of June 2018. Additionally, the Joint Utilities are requesting that energy services entities review and comment on proposed Data Security Agreements (DSAs) by June 22, 2018, and to be prepared to sign a final DSA by the end of July 2018. The attestations are designed to expeditiously identify any material gaps in current best practice cyber security controls. Any material gaps will need to be promptly remedied. Additional protections, including liability assurance, indemnification, audits, and cyber insurance, are being addressed in the DSAs. Joint Utilities’ proposed DSA is modeled after the DSA approved by the Commission in the CCA DSA Order. The Commission supports the business-to-business process described above, including the current deadlines, which have been agreed to by all parties."
The PSC in an order said that, "It is essential to ensure that cyber security protections are being adequately addressed to mitigate vulnerability of utility systems to cyber-attacks, and to ensure that confidential and sensitive customer information remains safeguarded from potential data breaches. To support these goals, the Commission directs Department Staff to review the issues being addressed in the current business-to-business process between the Joint Utilities and energy service entities, and ensure that any issues that cannot be properly resolved in that forum are addressed in this proceeding. Department Staff is directed to, by August 31, 2018, file a report on the status of the business-to-business process undertaken to address cyber security issues. The Commission’s goals are to ensure that adequate cyber security protections are in place to protect utility systems and confidential and sensitive customer information, and to explore whether insurance is an efficient and effective vehicle for mitigating any potential financial risks. These issues should be developed to address both the energy services entities, as well as distributed energy resource suppliers."
The PSC in an order said that, in the Commission Secretary’s sole discretion, the deadlines set forth above may be extended. Any request for an extension must be in writing, must include a justification for the extension, and must be filed at least one day prior to the affected deadline, the PSC said