The joint New York utilities have filed reply comments with the New York PSC requesting that the PSC take "swift" action to confirm that the utilities may prohibit ESCOs and other entities (energy service entities or ESEs) from accessing utility systems if ESEs do not comply with the cybersecurity requirements developed by the utilities

The reply comments largely recite the utilities' previously reported concerns and positions

"In sum, despite conceding that there may be cyber risk or risk of losing customer information, the objecting parties incorrectly argue that the Joint Utilities’ have not demonstrated that ESEs should be required to sign a Data Security Agreement ('DSA') and meet the minimum cyber security standards in the technical requirements checklist in the DSA, known as the Self Attestation ('SA'). Indeed, the comments demonstrate many parties’ preference that there be no requirements associated with their connections to utility systems to receive customer data. Fundamentally, the ESEs that oppose the DSA prefer to maintain the status quo, that is, where the Joint Utilities, and thus, their customers, absorb the risks and costs associated with cyber security and data protection for the ESEs’ transactions with the Joint Utilities," the utilities said

"The status quo cannot and should not be maintained, and the Commission should take swift action to make clear that ESEs – in particular those that have not signed -- must promptly comply with the minimum data security requirements contained in the DSA to continue to connect to utility systems and receive confidential customer information. The ESEs should be responsible and accountable for their actions and appropriately protect their cyber environments and customer data received from the Joint Utilities. As the Court of Appeals just expressly affirmed without equivocation in response to a challenge from energy service companies ('ESCOs'), the Commission is authorized to condition access to utility infrastructure. As the Commission has already found for Community Choice Aggregation ('CCA'), the Joint Utilities assert that minimum cyber security standards and a corresponding DSA must be a condition of such access for all ESEs," the utilities said

Among other things, the utilities asked that the PSC:

• Affirm the Joint Utilities’ authority to require ESEs to satisfactorily complete a DSA and prohibit ESEs from electronic access to utility systems as well as customer data without a DSA

• Affirm the Joint Utilities’ authority to require cyber security insurance

• Affirm the Joint Utilities’ authority to require ESE indemnification of the Joint Utilities.

See the full comments by the Joint Utilities here

Tags:
New York   EDI  

Comment on this story


ADVERTISEMENT
NEW Jobs on RetailEnergyJobs.com
Energy-Regulatory-Specialist -- Other -- Other
More Stories on RetailEnergyX.com:
Long Island Lawmakers Decry "Poison Pill" Charge In LIPA Tariff For Opt-out Municipal Aggregation
NY Agency Reminds That Unsolicited Telemarketing Calls Are Prohibited During State of Emergency
New York DPS Staff Proposes Customer Data Access Framework, Consent, Qualifications (Cyber-risk)
Multi-City New York Municipal Aggregation Including Albany & Capital Region Delayed
LIPA Adopts Tariff Allowing Opt-out Municipal Aggregation