Dive Brief:

• FERC's ability to control and protect sensitive, non-public information is "severely lacking," according to a new report by the U.S. Department of Energy.
• The analysis was done following media reports last year on the vulnerabilities of the United States' electrical transmission grid, which included sensitive data.
• The report includes five recommendations, including ensuring FERC staff possess the necessary security clearances and receive adequate initial and refresher training.

Dive Insight:

Last year the Wall Street Journal reported on FERC's analysis of the nation's power grid, including the conclusion that an attack on just nine substations could lead to a nation-wide emergency. The information came from an improperly-classified report, DOE concluded, and sparked a review of how FERC handles data that is sensitive and non-public.

"The immediate issue with regard to making the electric grid simulations public appears to have been addressed," the report said. "However, the matter regarding protection and sharing of sensitive commission information in the future has not."

"Our review revealed that the Commission's controls, processes and procedures for protecting nonpublic information were severely lacking," DOE said in the report.

DOE recommended ensuring FERC employees are aware of and properly trained on their responsibilities related to critical infrastructure data, as well as ensuring they possess the necessary security clearances and training.

The report also recommended FERC and DOE "work with appropriate officials to address the apparent confusion between the commission and the department regarding respective roles, responsibilities and authorities to classify Commission-created information."