Recently in Washington State Government Category

Governor Inslee to Keynote Washington Future Energy Conference

October 17, 2014

Please join us at the Washington Future Energy Conference on November 5. Gordon Thomas Honeywell is proud to be a major sponsor of this event. Now in its fifth year, the Future Energy Conference brings together energy innovators, utilities, scientists, investors, and many others to discuss the future of the energy industry in our state.

Washington Gov. Jay Inslee will present the keynote address at this year's conference. In addition, key officials from Gov. Inslee's administration will conduct a featured panel discussion entitled "Washington's Climate and Energy Future." The panel will be moderated by Keith Phillips, Gov. Inslee's Special Assistant on Energy and Climate Change. Three officials with critical responsibilities for Gov. Inslee's energy and climate agenda will participate in the panel: Brian Bonlender, Director of the Washington State Department of Commerce; David Danner, Chairman of the Washington Utilities & Transportation Commission; and, Lynn Peterson, Director of the Washington State Department of Transportation.

Because energy and climate issues are central to Gov. Inslee's agenda and are likely to be major topics of discussion in the upcoming session of the Washington legislature, these presentations are timely and of great interest to anyone interested in energy, climate issues, and related issue of economic and environmental policy.

Join GTH at the Washington Future Energy Conference

September 9, 2014

Please join us at the Washington Future Energy Conference on November 5. Gordon Thomas Honeywell is proud to be a major sponsor of this event. Now in its fifth year, the Future Energy Conference brings together energy innovators, utilities, scientists, investors, and many others to discuss the future of the energy industry in our state.

Speakers include GTH partner Eric Christensen, who will moderate a panel discussing the electrification of Washington's transportation system. The panel will include Steve Marshall of the Center for Advanced Transportation and Energy Solutions, Charles Knutson, Senior Policy Advisor to Washington Governor Jay Inslee, and John McCoy, Legislative Director for the Seattle Electric Vehicle Association.

We look forward to seeing you November 5.

Who Holds the Almighty and Powerful Ring? 13 Steps for Utility Cyber Security Protection

May 13, 2014

We are happy to announce that Eric Christensen and Maj. Gen. (Ret.) Tim Lowenberg of GTH-Governmental Affairs have published the cover story in the May 2014 Northwest Public Power Association Bulletin. Here is a link to the article on the NWPPA's website. The text of the article follows:

Cover Story
Who Holds the Almighty and Powerful Ring in the Cyber World?
Thirteen Steps for Utility Cybersecurity Protection


By
Eric Christensen, Partner
Gordon Thomas Honeywell

and

Maj. Gen. (Ret.) Tim Lowenberg, Vice President
Gordon Thomas Honeywell Governmental Affairs

While computer and internet technology create enormous benefits for twenty-first century utilities, they also expose utilities to new and sinister cyber threats. For utility managers, entering the cyber world can feel like entering J.R.R. Tolkien's "Middle Earth", a strange land filled with treacherous creatures like orcs, ring-wraiths, and wargs. Like Middle Earth, the cyber world is inhabited by peculiar and threatening forces ranging from amateur hackers to organized criminal enterprises searching for valuable financial information to politically motivated actors and nation-states capable of using malicious computer codes as weapons systems. And like Gollum, the hobbit twisted beyond all recognition by the power of the One Ring, threats in the cyber world often go undetected, arise from nebulous but nefarious motives and can unleash powerful, destructive effects beyond all expectation.

In light of the near-universal consensus among defense analysts, policy makers and computer experts that the electric utility sector is among the most vulnerable of sectors to cyber-attacks, how should utility managers address these threats? We recommend the following thirteen steps that all utilities, regardless of size, should take to mitigate risk in the complex and ever changing world of cyber-security.

Step 1: NIST Cybersecurity Framework
On February 12, 2014, the National Institute of Standards and Technology ("NIST") released the first version of its Framework for Improving Critical Infrastructure Cybersecurity. The Framework, issued in response to President Obama's Executive Order No. 13636, is intended to create common, voluntary industry standards and best practices for addressing cyber-security threats. The Framework provides a standardized approach for identifying cyber-security threats and protecting organizations against those threats through technological fixes and education of management and front-line operators. While the Framework is an ongoing and evolving document, it is a useful starting point for developing a cyber security strategy. The steps we recommend here are consistent with the NIST Framework.

Step 2: NERC CIP Standards
Because they are mandatory and violations can lead to substantial penalties, NERC Reliability Standards are, of course, of primary concern to electric utilities. NERC's Critical Infrastructure Protection ("CIP") standards define utility obligations to address threats in the cyber-security realm and should therefore be a prime focus of every utility. After a long period of flux, the Federal Energy Regulatory Commission ("FERC") in November 2013 adopted Version 5 of the CIP standards, with certain reservations. Utilities with "High and Medium Impact" assets (as defined in NERC's "BES Cyber Asset" definition) must come into compliance with Version 5 by April 2016 and those with "Low Impact" assets must come into compliance by April 2017. Utility managers should therefore pay careful attention to these standards, as well as refinements to the standards now under development in response to FERC's November 2013 order. In addition, NERC is conducting a pilot program with results due in the near future that should provide useful information for utility compliance managers.

Utility managers should also pay close attention to physical security standards. In reaction to damage caused by a sophisticated physical attack on the Metcalf Substation in California's Silicon Valley, FERC on March 7 ordered NERC to develop standards to secure key electrical facilities against physical attack. Compliance with these standards could be extremely expensive. In raising this concern, FERC Commissioner John Norris recently noted that just three utilities reported to him they may have to spend more than $500 million for physical security enhancements in the wake of the Metcalf incident. As is also obvious, under-reaction could prove even more costly for the utility and for our national security.

Step 3: Develop a Cyber-Security Strategy
In compliance with the NIST Framework and CIP standards, utility management should develop a cyber-security strategy that identifies cyber-risks, provides clear guidance and training to utility employees to effectively address those risks, and ensures the strategy is carried out and documented through continuous feedback to utility managers. As discussed below, it is important that the strategy include coordination with affected municipal and state governments, first responders, and Federal Information Sharing and Analysis Centers ("ISACs").

Step 4: CEO Briefings
The Cyber-Security Strategy developed in Step 3 should include a requirement for regular briefings of the utility's chief executive officer and relevant senior management by cyber security personnel, including updates on newly-identified cyber threats, progress in implementing CIP standards and other mitigation measures, and adaptations to the Strategy to address new threats, vulnerabilities and emerging challenges. Such briefings demonstrate the importance of cyber-security to the rest of the organization and ensure senior management is aware of cyber-related issues. Full awareness of cyber threats should, in turn, help assure the organization is devoting adequate resources to addressing those threats, and build the "culture of compliance" NERC looks for in assessing adherence to Reliability Standards.

Step 5: Legal Review of IT Contracts
The utility should conduct a legal review of its IT equipment and services contracts to ensure compliance with CIP standards, the Security Development Lifecyle guidelines discussed below, the utility's internal Cyber-Security Strategy, and other relevant requirements.

Step 6: Review IT Procurement
The utility should also ensure it is procuring computer software and hardware in a "secure" manner in conformity with Security Development Lifecycle ("SDL") processes and other best practices. Such procurement practices guard against incorporation or introduction of unsafe equipment and malicious software into the utility's computer systems.

Step 7: Procurement Staff Training
Consistent with Steps 5 and 6, the utility's procurement and acquisition staff, as well as its IT security staff, should receive training on SDL and other requirements relevant to IT acquisition and should be given resources sufficient to ensure effective cyber security provisions are incorporated into all IT acquisition contracts.

Step 8: Verify Implementation of Cyber-Related Contract Requirements
To ensure the measures discussed in Steps 5 through 7 are properly implemented, the utility should review its contractual relationships with third party IT service providers to verify that security-related requirements of IT contracts are actually being carried out in conformity with contractual and industry standards. Substandard computer installations and non-conforming contract services can give hackers, cyber-criminals, and cyber-attackers access to critical computer-controlled infrastructure.

Step 9: Use Information Sharing and Analysis Centers ("ISACs")
ISACs (mentioned in Step 3 above) are sector-specific organizations developed voluntarily in cooperation with the Department of Homeland Security to facilitate detection and prevention of cyber-intrusions, vulnerability scanning, penetration testing, and training and education services. The Department of Homeland Security coordinates the flow of information to, from and among fifteen national ISACs. Utility managers and security officials should pay particular attention to ES-ISAC, the ISAC for the electricity sector. Information from other ISACs may also enhance awareness of cyber-threats as well as the tactics, techniques and procedures employed by nefarious actors. These collateral sources include the Multi-State ISAC, which provides cyber threat information and cyber response assistance to state and local governments including utility commissions; the Supply Chain ISAC, which focuses on threats identified in the acquisition/procurement process; the Water ISAC, which provides useful information for water utilities; the Nuclear Energy ISAC, which covers nuclear energy cyber issues; and the Financial Services ISAC, which has information helpful to protecting the financial information of utility customers as well as the utility's own financial information.

Step 10: Develop Disaster Recovery Plans
Most utilities have extensive business continuity and recovery plans that describe how the utility will deal with natural disasters such as earthquakes and major storms. Disaster preparedness also requires development of plans to assure the utility's recovery from a major cyber-attack or series of attacks. The threat of such attacks is so real that a cyber mitigation, response and recovery plan should be the subject of a separate, detailed Annex to the utility's continuity plan. NARUC's Cybersecurity for State Regulators 2.0 (February 2014) provides a comprehensive set of criteria and recommended actions (from a wide variety of sources) for utility commissions to use as assessment tools. These sources and others are helpful in developing an effective Cyber Annex to the utility continuity and recovery plan.

Step 11: Build a Relationship With Law Enforcement
Federal, state and local law enforcement agencies and some state military departments have important roles in identifying cyber intrusions, developing coordinated responses to such intrusions, apprehending or assisting in the apprehension of cyber criminals and recovering from major cyber incidents. Utilities should strive to build strong relationships with these agencies. To be effective, the utility must pre-identify the specific law enforcement officials it will contact in case of a suspected terrorist attack or cyber intrusion. The utility should go beyond the minimum requirement of compiling a contact list to create active, ongoing relationships with the law enforcement officials it will need to rely on in the event of a major cyber-attack.

Step 12: Practice Cyber Incident Responses
As with most utility functions, the adage "practice makes perfect" applies to cyber incident preparedness and cyber incident response. Fortunately, the Department of Homeland Security's "Cyber Storm" program offers excellent opportunities for utilities to participate in a realistic simulation of a major cyber-attack. The Cyber Storm exercise series provides an opportunity for more than 1,000 local entities to participate in a coordinated, week-long national cyber exercise, the results of which are used to develop other progressively challenging exercises and enhance the nation's cyber response systems. Washington utilities such as Snohomish County PUD played an active role in the 2013 Cyber Storm exercise. The next Cyber Storm exercise is scheduled for 2015.

Step 13: Support Your Local Emergency Response Plan
Finally, the utility should determine if its state government has developed a cyber response plan. If a plan exists, the utility at a minimum should become thoroughly familiar with it and, even more important, should offer to participate in the development and continuous testing and refinement of the plan.

The State of Washington, for example, leverages its "cyber security centers of excellence" and lessons learned from Cyber Storm exercises to integrate cyber security planning by state agencies ranging from the Washington Military Department (including its civilian State Emergency Operations Center and Air and Army National Guard cyber operations units) to the Office of the State Chief Information Officer, the Washington State Patrol, the Washington State Fusion Center, the Utilities and Transportation Commission, state universities, municipalities such as the City of Seattle, aerial and maritime port authorities and public utilities. These and other stakeholders, participating as members of a Washington State Cyber Integrated Project Team, have contributed to development, testing and refinement of a Washington State Cyber Incident Annex that is based on the National Cyber Incident Response Plan. The Washington Cyber Incident Annex includes provisions for convening a Cyber Unified Coordination Group to oversee cyber incident responses, which representatives from utilities and other critical infrastructure sectors that could be subject to cyber attack.

CONCLUSION
The conflict between good and evil in Middle Earth was finally resolved when Gollum, still madly clutching the One Ring, falls into the fire at the Cracks of Doom. With the malevolent force of the Ring destroyed, the forces of evil were shorn of their power and collapsed, allowing the hobbits and other peaceful residents of Middle Earth to return to normal life. The moment when the forces of evil in the cyber world will be shorn of their power is a long way off. Until that time comes, dealing with malevolent forces in the cyber domain will be an omnipresent and growing challenge. Because electric power is so critical to the functioning of our modern society, utilities are, willingly or not, thrust into the role of front-line players in the battle for control of cyberspace. The thirteen steps described above, if implemented, will help utilities protect their own assets, and help secure the nation against potentially crippling cyber attacks.

Governor Inslee Issues Comprehensive Executive Order on Climate Change

April 29, 2014

Washington Governor Jay Inslee today issued an Executive Order that will address Washington's greenhouse gas ("GHG") emissions on many different fronts. Issued in apparent response to the legislative logjam that has developed around the Climate Legislative and Executive Workgroup, the Executive Order (No. 14-04), requires actions in the following areas:

Cap-and-Trade Legislation: The Executive Order creates a new Carbon Emissions Reduction Task Force to develop a legislative recommendation for a "cap and-market" mechanism, which would limit carbon emissions and establish an emissions allowance trading system designed to achieve GHG reductions in the most efficient manner. The Task Force, which includes 21 members from business, labor, health, and public interest organizations, meets for the first time today. It is instructed to provide recommended legislative by November 21, 2014.

Coal-Fired Electricity: The Executive Order directs the Governor's Legislative Affairs and Policy Office ("LAPO") to seek "negotiated agreements with key utilities and others" to reduce coal-fired electricity imported from outside the state and transition to cleaner sources. With the transition of Washington's only coal-fired plant at Centralia now well underway, Washington's remaining sources of coal-fired electricity will be generators located in states to the east, such as the Colstrip plant in Montana. Addressing the "coal-by-wires" issue is therefore the last remaining front for attacking significant GHG emissions in the electricity sector. The Executive Order requests help from the Washington Utilities and Transportation Commission ("UTC") and the Northwest Power and Conservation Council to "actively assist and support" the transition away from coal-fired electricity, although, as we've previously discussed, the UTC has already moved significantly in this direction.

Continue reading "Governor Inslee Issues Comprehensive Executive Order on Climate Change" »

Complicating "Coal By Wires" Regulation, Minnesota Court Strikes Down Greenhouse Gas Regulation

April 21, 2014

In a ruling with potentially far-reaching consequences for state-level attempts to regulate greenhouse gases, the U.S. District Court for the District of Minnesota on April 18 issued a ruling striking down key elements of Minnesota's Next Generation Energy Act ("NGEA"). For the Pacific Northwest, in particular, the ruling could complicate efforts by Washington, Oregon, and California to limit "coal by wires" -- the importation of coal-generated electricity from plants located in states like Montana and Arizona. State of North Dakota et al. v. Heydinger et al., No. 11-cv-3232 (SRN/SER) (issued April 18, 2014).

Passed by Minnesota's legislature in 2007, the NGEA is aimed at reducing the carbon footprint of electricity consumed in the state. The statute prohibits new power plants within Minnesota that "would contribute to state power sector emissions." To address the "coal by wires" problem, the statute also broadly prohibits importing power generated outside Minnesota if that generation "would contribute to statewide power sector carbon dioxide emissions," and also prohibits long-term power purchase contracts from facilities larger than 50 MW that would contribute to Minnesota's power sector carbon dioxide emissions.

Continue reading "Complicating "Coal By Wires" Regulation, Minnesota Court Strikes Down Greenhouse Gas Regulation" »

Pacific Coast Action Plan Sets Framework for Regional Climate and Energy Action

November 7, 2013

Last week, the governors of the three West Coast states and the Premier of British Columbia signed the Pacific Coast Action Plan on Climate and Energy. While not legally binding, the Action Plan is important because it lays out a regional framework on climate and energy policy that is likely to be reflected in specific legislation and other measures adopted in each of the four jurisdictions, as well as in coordinated actions among the jurisdictions. Notably, the Pacific Coast regional economy produces a combined U.S.$2.8 trillion in GDP, making it the world's fifth largest economy when considered as a unit. Because the Action Plan charts a course for the future of this huge economy, the Plan is worthy of careful attention.

Issued under the auspices of the Pacific Coast Collaborative, the Action Plan lays out a series of policy goals in three areas, including climate policy, clean transportation, and clean energy infrastructure. Among these policy goals, several are particularly noteworthy:

Continue reading "Pacific Coast Action Plan Sets Framework for Regional Climate and Energy Action " »

Washington Supreme Court: Executive Privilege Allows Governor To Withhold Documents Under Public Records Act

October 17, 2013

In a milestone decision, the Washington Supreme Court today upheld Gov. Christine Gregoire's assertion of executive privilege to prevent disclosure of documents under the Washington Public Records Act. Concluding that the "cardinal and fundamental" constitutional principle of separation of powers overrides the Public Records Act's "strongly worded mandate for broad disclosure of public records," today's decision permits the Governor to assert executive privilege over documents created in the process of formulating policy and prevent disclosure of those documents under the Public Records Act. The decision effectively creates a new Public Records Act exemption for documents created in the executive branch policy formulation process. It also shifts the burdens of proof that generally apply under the Public Records Act. (Freedom Foundation v. Gregoire, Wa. Sup. Ct. No. 86384-9 (decided Oct. 17, 2013)).

Today's decision arose from a dispute over a half-dozen documents created by Governor Gregoire and her senior advisory staff discussing controversial topics such as replacement of Seattle's Alaska Way Viaduct, the Columbia River Biological Opinion, and medical marijuana legislation. An employee of the Freedom Foundation requested eleven documents on these subjects under the Public Records Act, which generally requires all government documents to be released upon request unless a specific exemption applies. Gov. Gregoire released five of the documents and a redacted version of a sixth. The remaining documents were withheld, but rather than following the usual course of relying on a specific statutory exemption to justify withholding, the Governor's office asserted executive privilege over the documents. The Governor argued that executive privilege is inherent in the separation of powers scheme implied in the Washington constitution, and the documents were subject to executive privilege because they were used by the Governor to formulate policy. The lower court agreed with these arguments and the Supreme Court accepted direct review.

Continue reading "Washington Supreme Court: Executive Privilege Allows Governor To Withhold Documents Under Public Records Act" »

A Fair Wind Blows: Washington Supreme Court Rejects Challenge to Whistling Ridge Wind Project

August 30, 2013

Yesterday the Washington Supreme Court rejected a challenge to former Governor Christine Gregiore's approval of a 35-MW wind farm in Skamania County proposed by Whistling Ridge Energy, LLC. Gov. Gregoire approved the project following a lengthy administrative process conducted by the state's Energy Facility Site Evaluation Council ("EFSEC") and EFSEC's favorable recommendation to the Governor. The Court's decision is important because it helps define what energy developers must do to mitigate impacts when a project is located near, but not in, a protected area and has potential spillover effects on the protected area. In addition, the decision is important to renewable energy developers in Washington because they have the option of using EFSEC to obtain project approval, which may be especially important where strong local opposition is at odds with state and national goals regarding renewable energy development. The decision is also important to many other types of energy facilities subject to EFSEC jurisdiction, including electric and natural gas transmission projects, LNG facilities, nuclear plants, and large thermal power plants.

The dispute arose because the Whistling Ridge project is near, but not in, the Columbia River Gorge National Scenic Area. The environmental petitioners object to Whistling Ridge primarily because it may be seen from some parts of the Scenic Area, and therefore may interfere with the aesthetic values that the Scenic Area was designed to preserve. In response to these concerns, EFSEC reduced the number of windmills allowed at the project from 50 to 35, and required "micro-siting" to further reduce the aesthetic impacts of the project. With these mitigation measures, EFSEC recommended that Gov. Gregiore approve the project. Gov. Gregiore followed this recommendation.

Continue reading "A Fair Wind Blows: Washington Supreme Court Rejects Challenge to Whistling Ridge Wind Project" »

Gov. Inslee Fills Key Energy and Natural Resource Positions With A Mix of Insiders and Experienced Government Hands

February 12, 2013

With this week's announcement that David W. Danner has been appointed the new Chairman of the Washington Utilities & Transportation Commission ("UTC"), Washington Governor Jay Inslee has completed the slate of key positions influencing energy and natural resources policy in the state. The key appointments are a mixture of long-time Inslee confidants and individuals with long experience in state government.

Mr. Danner is typical of Inslee appointees who have worked for many years in Washington state government. Mr. Danner has served since 2005 as the Executive Director of the UTC. Prior to that, he served as Gov. Gary Locke's policy advisor on energy and environmental issues, and served on the State's Pollution Control Hearings Board and Shoreline Hearings Board. Mr. Danner will fill the seat recently vacated by Commissioner Patrick Oshie. He will replace Jeff Goltz as UTC Chair, although Commissioner Goltz will continue to serve on the UTC along with Commissioner Phil Jones.

Other key appointments include:

Continue reading "Gov. Inslee Fills Key Energy and Natural Resource Positions With A Mix of Insiders and Experienced Government Hands" »