RESA Asks New York PSC To Establish Cybersecurity Working Group
August 29, 2018 Copyright 2010-17 EnergyChoiceMatters.com
Reporting by Paul Ring • firstname.lastname@example.org
The following story is brought free of charge to readers by EC Infosystems, the exclusive EDI provider of EnergyChoiceMatters.com
The Retail Energy Supply Association requested that the New York Public Service Commission establish a Cybersecurity Working Group (CWG) modeled after the current EDI Collaborative.
"As technology evolves, cybersecurity will continue to be an imperative topic for the Commission, ESCOs, the Joint Utilities and EDI vendors alike. A CWG will provide all stakeholders with the organizational structure necessary to address the rapid technological changes in this area. This proposed construct is especially important to ensure that the appropriate personnel with the necessary skill sets are involved in the development of future cybersecurity protocols and to protect the interests of the various market participants. Accordingly, the Commission should form a CWG modeled after the current EDI Collaborative as soon as practicable," RESA said in its motion.
RESA said that, "a CWG will help ensure uniform statewide standards and promote fundamental fairness."
Citing the recognized need for standardization across utilities with respect to EDI, RESA said, "for similar reasons, cybersecurity standards should also be uniform across all utility service territories. For instance, while RESA recognizes that the Joint Utilities proposed a standardized DSA, it is possible that, in the future, each utility could require a different DSA or establish different cybersecurity protocols to which ESCOs must agree to abide."
RESA also said that, "a CWG will help ensure a more comprehensive and well informed set of standards and promote fundamental fairness."
RESA said that, "the integration of cybersecurity protocols into existing processes is a complex commercial and technical exercise. From a practical perspective, all parties would benefit from the opportunity to receive input from other stakeholders in a centralized setting instead of through communications with individual parties, which inherently leads to a lack of consistency. As evidenced by the discussions during the stakeholder meeting, no one stakeholder or group of stakeholders has a complete understanding of the current business rules and transaction sets or can adequately represent the impact of proposed cybersecurity standards on all other stakeholders. A CWG modeled after the current EDI Collaborative would provide a process for stakeholder discussion in a manner that ensures the people with the necessary expertise are involved and that allows for a free exchange of ideas and more informed discussion than one-on-one negotiations or a more formal regulatory proceeding can provide. Cybersecurity protocols that are structurally comprehensive and well-informed will also benefit consumers by ensuring that customer information is adequately protected."
"Moreover, requiring the CWG to file a report with its recommendations with the Commission for review and approval, like is currently done by the EDI Collaborative, will promote fundamental fairness. The DSAs and Attestations as proposed have terms and requirements embedded within them that will have the effect of setting precedent on many important issues, including standards for information security programs and insurance requirements, to name a couple. Cybersecurity standards of general applicability should be subject to Commission review and approval," RESA said.
RESA said in its motion that, "Furthermore, it is RESA’s understanding that the Joint Utilities believe they have the authority, pursuant to section 2(F)(a) of the Uniform Business Practices ('UBP'), to discontinue an ESCO’s participation in their retail access programs if that ESCO refuses to complete the Attestation and/or sign the DSA. If that is the case (which RESA disputes), the utilities should not simply be permitted to require the ESCOs to abide by whatever requirements they propose. Under this paradigm, the utilities could unilaterally require that ESCOs enter into DSAs that they have drafted and then deny ESCOs continued participation in their retail access program if they refuse to do so. However, before ESCOs are potentially deprived of their continued ability to serve customers in any particular utility service territory, fundamental fairness dictates that the requirements that the utilities impose should be subject to review and approval by the Commission to ensure that, at a minimum, they are not arbitrary and capricious. Accordingly, RESA requests that the Commission establish a CWG modeled after the EDI Collaborative that provides stakeholders an opportunity to evaluate and recommend standards subject to Commission review and approval and avoids giving one set of stakeholders the unilateral and unfettered power to both establish and enforce standards to which their competitors will be subject. In this way, the Commission can promote a free exchange of ideas while ensuring fundamental fairness to all stakeholders."
RESA recommended that the Commission model a CWG on the EDI Collaborative.
"First, the CWG should be established by a Commission order that sets forth the scope of its authority and the steps that must be undertaken to propose a change to cybersecurity protocols and practices, the DSA or Attestation. By setting forth these requirements in an order, the Commission can ensure that a uniform process is employed for all such changes and that all stakeholders, including new market entrants, are aware of the CWG and its role," RESA said.
The CWG should be structured and run similarly to the EDI Collaborative, RESA said, with the CWG required to submit a report and recommendations, including any necessary implementing documents, to the Commission for review and approval.