New federal legislation aims to give regulators expanded authority to avert cybersecurity attacks and physical threats to the nation\u2019s grid as it becomes increasingly digitized, making it more vulnerable. The Federal Energy Regulatory Commission appears to have clear authority on transmission lines, but as electricity is stepped down for local distribution, and that distribution system becomes \u201csmart\u201d with meters and other communications, the cybersecurity authority comes into question. The extent of the emergency authority granted under a draft law, and which agencies could use that authority, was the focus of a U.S. Senate Energy and Natural Resources Committee hearing May 4. Also under debate was whether FERC\u2019s authority extends to distribution systems in emergency situations. Without resolution, lawmakers debated not only federal, state, and industry turf issues, but also the kind and extent of security measures needed, the speed at which they\u2019re developed and at what cost. \u201cThere\u2019s got to be some consideration of costs and big consideration given to who pays for it,\u201d said Senator Richard Burr (R-NC). The costs are to be borne by ratepayers. The legislation gives FERC emergency authority to act to protect against any imminent danger to the grid. Just how that is defined and whether the North American Electric Reliability Corporation (NERC), state utilities, state regulators--such as the California Public Utilities Commission--have much of a say are controversial. Industry, and other agencies, insisted they become part of the response team to thwart or curb threats to the electrical system. Those threats may include hacking, worms, solar storms, car bombs, and disgruntled employees. \u201cMake sure that folks operating the system are involved in decision making,\u201d said David Owens, Edison Electric Institute executive vice president. He added that protecting the so-called \u201csmart grid\u201d is \u201cnot a \u2018check the box\u2019 exercise.\u201d It\u2019s an evolutionary process involving \u201cnew equipment and new players, including vendors, manufacturers, utilities, and regulators,\u201d he added. NERC develops reliability standards and has been working with federal regulators since 2006 on cybersecurity rules. NERC\u2019s standards are developed in open hearings with stakeholder input. While inclusive, NERC has been criticized for being too slow to respond effectively to cyber attacks, and other human and natural risks. FERC \u201cshould be able to require mitigation even before or while NERC and its stakeholders develop a standard, when circumstances require urgent action,\u201d said Joseph McClellan, FERC Office of Electric Reliability director. He noted the standards development process \u201ccan be an impediment when measures or actions need to be taken to address threats to national security quickly, effectively and in a manner that protects against the disclosure of security-sensitive information.\u201d Also at issue was how to define \u201cimminent danger\u201d under the legislation, which when found allows FERC to step in to protect electrical infrastructure, which currently includes the distribution systems in California and other states regulated by state utility commissions. The energy panel is one of several Senate committees examining cybersecurity.