NARUC President shares 2013 projections
State utility commissions are facing a number of regulatory challenges, especially surrounding cybersecurity and emissions standards. In the following interview with FierceEnergy, Philip B. Jones, President, National Association of Regulatory Utility Commissioners, and Commissioner, Washington Utilities and Transportation Commission, shares some of his projections for 2013 and what NARUC is doing to help utilities navigate these challenges.
Commissioner Philip Jones of Washington was elected President of the National Association of Regulatory Utility Commissioners in November 2012. President Jones provides general oversight of the Association and serves as NARUC's primary voice before Congress, the courts, administrative agencies, and the general public.
FierceEnergy: You were recently elected NARUC President. What do you hope to accomplish and what issues will you be focusing on in 2013?
Philip B. Jones: First, thank you for this opportunity to speak with you and your readers. This is an exciting time to be in the energy sector, as your readers know.
Philip B. Jones, President, National Association of Regulatory Utility Commissioners, and Commissioner, Washington Utilities and Transportation Commission
My focus as NARUC president will be on protecting our consumers and our critical utility assets. Our consumers are already being asked to shoulder a heavy burden as utilities seek to update their infrastructure. Published reports estimate that modernizing our utility infrastructure -- from gas and water pipelines to electric transmission lines -- could cost more than $4 trillion over the next 20 years. The bulk of this money will come from the consumers who pay the bills. My focus is to make sure we are making these investments in a way that puts the smallest risk possible on our consumers.
As regulators, we handle these risks each day. But concerns over cyber security are coloring these investments decisions. Our members must make sure utilities are proactively shoring up their systems from a potential cyber attack, and doing so in a way that does not overburden consumers. I will be working with our members and facilitating a proactive response to this evolving risk.
Internally to NARUC, I hope to establish a renewed leadership team for the Association. Through term limits and other circumstances, we have a several openings on key NARUC committees. My priority will be to draw from our bench and help groom and nurture the next generation of NARUC leaders. Turnover is part of the job here and we are losing some outstanding leaders, but we have a strong pool of new members who I am confident will strengthen the organization and take us to new heights.
FierceEnergy: What is your outlook on cyber security policy for 2013?
We fully expect Congress to take up cyber security legislation next year. Our take is that if Congress acts, it should do so in a way that preserves existing statutory authority between the utility industry and the Federal Energy Regulatory Commission.
Also, we must make sure that any cyber policy recognizes and makes a distinction between cyber threats and vulnerabilities. The federal government has the resources and mandate to fully investigate and resolve national security threats. If the intelligence agencies are aware of an imminent cyber treat to the utility industry, say to the transmission system or a power plant, then they should take any actions necessary to resolve the problem.
But vulnerabilities are different. Just about every element of our utility system is vulnerable to some kind of threat. Power lines are vulnerable to hurricanes, thunderstorms, and cars. Pipelines are vulnerable to age and backhoes. The utilities know these risks and are responsible for maintaining their system. Utility regulators are responsible for ensuring utilities are fairly reimbursed for the cost of providing safe and reliable service. Our federalist system puts those with the local knowledge in charge of protecting and maintaining these local assets. Any congressional legislation should maintain this system.
At the same time, communication is absolutely essential. There will be times when federal agencies have classified information about imminent threats to our nation's critical infrastructure. When this happens, we expect Washington to do what they need to do and protect our citizens. That is their job—to protect us from harm. Also, they must communicate with the utilities and their regulators if they see actionable intelligence on vulnerabilities. If utilities are not made aware of possible cyber attacks on their systems, how can they be expected to address them? Information sharing is key—if we're all on the same page, we can get this done right.
FierceEnergy: What are going to be the biggest challenges for state regulators on this issue (cybersecurity)?
Our biggest challenge is two-fold: Information sharing and risk assessment. Let's start with information sharing. As I said earlier, the federal government is responsible for protecting us from imminent threats to our critical assets. This means they must be aware of any potential cyber worms or viruses that could impact our utility system. It also means they must communicate these threats to our utilities so they can be resolved, hopefully well before an attack occurs.
For regulators, we allow utilities to recover system maintenance costs from their consumers, such as distribution improvements like tree trimming (vegetation management). We have a variety of tools in our tool box to determine the appropriate regulatory mechanism, such as deferred accounting or smoothing these costs out over a number of years. But our overall standard is that these costs must be prudent, just, and reasonable.
Cyber-security and other safety and reliability related expenditures top the list. A key challenge we face is ensuring that we have all the information needed to make these kinds of determinations. We do not want to be in a situation where a utility seeks to recover cyber costs, but is unable to provide us with much information because of the classified nature of the request. We can come up with appropriate protocols to keep certain data private, but we must balance this with our responsibility to ensure each and every cost passed through to consumers is in the public interest. Simply put, we need to make sure that every consumer dime that pays for cyber investments actually goes to these investments.
The second challenge is risk-assessment. It is incumbent upon all of us—the federal government, the utility industry, and the State regulators—to communicate and prioritize threats and vulnerabilities. Immediate threats deserve immediate attention, but vulnerabilities can be addressed in a risk-based, deliberate manner. The utilities need to determine where these vulnerabilities are and tell us their plans for resolving them. We must work together so we can protect our critical infrastructure and our consumers.