New York Utility Says ESCO Not In Compliance With New Data Security Agreement; ESCO Contests, Seeks Affirmation Utility Won't Initiate Disconnection Procedures
September 21, 2018 Email This Story Copyright 2010-17 EnergyChoiceMatters.com
Reporting by Paul Ring • firstname.lastname@example.org
The following story is brought free of charge to readers byEC Infosystems, the exclusive EDI provider of EnergyChoiceMatters.com
Outside counsel for Plymouth Rock Energy, LLC, in a letter to National Fuel Gas Distribution Corporation ("National Fuel"), a copy of which was also filed with the New York PSC in Matter No. 18-M-0376, contested National Fuel's characterization of whether Plymouth Rock Energy is in compliance with a new Data Security Agreement, and sought affirmation that National Fuel will not initiate disconnection procedures against Plymouth Rock
Outside counsel for Plymouth Rock Energy was responding to an email dated September 17, 2018 from a representative of National Fuel. Such email from National Fuel: (i) requested that Plymouth return to National Fuel Gas Distribution Corporation a signed Data Security Agreement (DSA); and (ii) asserted that, 'Plymouth Energy is not in compliance with NY PSC Case 18-M-0376 Proceeding on Motion of the Commission Regarding Cyber Security Protocols and Protections in the Energy Market Place.'
Outside counsel for Plymouth Rock wrote that, "Plymouth disagrees with National Fuel’s characterization of its decision not to return signed DSA as 'non-compliance with the Self-Attestation and Data Security Agreement.' The utilities do not possess the authority to decide Plymouth’s compliance. Rather, it would be accurate to state instead that Plymouth did not return the signed DSA."
Outside counsel for Plymouth Rock wrote that, "Plymouth strongly believes in having robust cybersecurity protocols and has demonstrated as much by signing the Self-Attestation Form ('Form'); however, Plymouth has material disagreements with several terms of the current draft version of the DSA. Plymouth submits that requiring execution of the DSA whilst material provisions remain under debate and certain cybersecurity requirements remain undefined is an unfair, unreasonable, and inappropriate request."
Outside counsel for Plymouth Rock wrote that, "At this juncture, and in recognition of the fact Plymouth has already committed to meeting the cybersecurity standards set forth in the SAF, Plymouth seeks affirmation from National Fuel that it will not initiate disconnection procedures against it; instead, Plymouth proposes that IT/cybersecurity specialists among the ESEs and the Joint Utilities enter into a dialogue to resolve material issues that remain in the DSA. Plymouth suggests continuation of this process for at least thirty days after Staff submits its report to the Commission, and then reevaluate the progress being made at such time. If progress is no longer being made at such time, Plymouth will consider withdrawing its request to National Fuel."
Outside counsel for Plymouth Rock wrote that, "Plymouth has been actively involved in the business-to-business process with the Joint Utilities, including in-person meetings and conference calls, individually and as a member of the New York Retail Choice Coalition and Supporting ESCOs (collectively, the 'DSA Coalition'). The significant revisions to the DSA reflect substantial progress toward a mutually acceptable agreement that protects the legitimate interests of consumers, the Joint Utilities, ESEs, and other market participants. However, despite this progress, Plymouth, like many other ESEs, objects to the current form of the DSA. The Joint Utilities unilaterally determined that the DSA was in a final form."
Outside counsel for Plymouth Rock wrote that there are numerous unresolved issues that could impose a liability on Plymouth under the DSA, and lists the concerns in such letter
"To be clear, Plymouth is not seeking to delay the implementation of ESCO compliance with the standards set forth in the SAF. Plymouth joins Commission Staff, the Joint Utilities and other ESEs in their efforts to take deliberate action to limit the exposure of customer data and IT systems to cyber risk," outside counsel for Plymouth Rock wrote
Outside counsel for Plymouth Rock wrote that, "The standards set forth in the SAF are designed to safeguard customer data and IT systems. Signing the DSA does not protect customer data and IT systems. Rather, it is the practices followed under the SAF which mitigate the risk and exposure from a cyber breach."
Outside counsel for Plymouth Rock wrote that, "Pursuing disconnection proceedings against Plymouth for withholding its signature on the Data Services Agreement will not enhance protection of customer data or safeguard IT systems against cyberattacks. Furthermore, for the Joint Utilities to take unilateral action where no real threat to cybersecurity exists is inconsistent with the standards in the UBP and would put the viability of Plymouth at risk. The resulting harm to Plymouth’s reputation and business interests, as well as potential loss of customers and goodwill, will unquestionably cause irreparable harm to the company. Such action may also cause Plymouth to (i) violate any financial covenants with other credit or financial entities, (ii) incur negative cash flow, (iii) breach service contracts Plymouth currently has in place with its customers and third-party vendors, (iv) lose customers to the utility, and (v) otherwise incur irreparable harm."
Outside counsel for Plymouth Rock wrote that, "If National Fuel cannot find resolution through acceptance of our proposal or similar relief, Plymouth will have no choice but to file a motion under Section 8(B)(2) of the Uniform Business Practices ('UBP') with the Commission to prevent any Joint Utility, including National Fuel from initiating (or threatening to initiate) disconnection proceedings against Plymouth as a result of not returning a signed DSA."