Acting Chairman LaFleur’s response describes the actions taken by FERC after the attack, including briefing utilities, state regulators, and industry organizations, identifying critical grid facilities in need of protection, and developing specific protective measures appropriate to vulnerable sites. FERC is also working with NERC, the Department of Homeland Security, the Department of Energy, and the Federal Bureau of Investigation to “reach out to utilities, sates, and law enforcement” on issues of physical security. Acting Chairman LaFleur believes the current response has been implemented “more quickly and more confidentially” than could be accomplished by regulation. Moreover, the protective measures taken have been uniquely designed to each location, which would be difficult to achieve with a fixed, mandatory set of rules.
However, the Acting Chairman agreed that additional regulation might be needed and asked for the assistance of Congress. Specifically, she suggested that Congress could help by providing an exemption to the Freedom of Information Act for sensitive security information and authorizing a federal agency (not necessarily FERC) to direct actions in the wake of an emergency caused by a physical or cyber attack on the power grid. Mr. Cauley has not yet responded to the Senators’ letter.