National Regulatory Research Institute - A Summary of State Regulators’ Responsibilities Regarding Cybersecurity Issues
The United States’ critical infrastructure sectors face the risk of cyber attacks on a frequent basis, with potential impacts that could cause damage to vital systems, expose customer information to theft, or severely limit necessary safety activities. To get a better understanding of those issues, the Middle Atlantic Cybersecurity Collaborative (MACC) directed the National Regulatory Research Institute (NRRI) to study the cybersecurity responsibilities and practices of state utility commissions across the nation as well as the roles of numerous other state, federal, and private sector organizations.
This study describes the relationship of cybersecurity issues to some basic commission responsibilities and the associated challenges in cybersecurity regulation. Then, the study compiles actions taken by various commissions, including ongoing dockets that may result in further rules or orders, and how cybersecurity expenses have been treated within some rate cases. The study then examines actions taken by other organizations such as federal agencies, state legislatures, and industry organizations, and concludes by identifying trends in state utility commission actions.