FERC's final rule amending CEII regulations

Key Words: 
Region: 

A little more than four years after they were first issued, FERC has amended its CEII regulations. The amended regulations (read FERC's final rule or its order on rehearing) have several significant new features.

Refined Definition of CEII

Observing that "many submitters over utilize [CEII] designation," FERC has restricted its definition of CEII, which is now defined as "specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure that:

  1. Relates details about the production, generation, transportation, transmission, or distribution of energy;
  2. Could be useful to a person in planning an attack on critical infrastructure;
  3. Is exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552 (2000); and
  4. Does not simply give the general location of the critical infrastructure."

(Note: Bolded / italicized text indicates where the definition has changed)

FERC goes on to clarify that "narratives such as the descriptions of facilities and processes are generally not CEII unless they describe specific engineering and design details of critical infrastructure."

NDA requirement for CEII requests

Anyone requesting CEII must now submit an executed non-disclosure agreement (NDA) along with their request. Non disclosure forms for the general public (as well as specific forms for the media, federal agencies, state agencies, and consultants) are available along with CEII request forms at FERC's CEII help page.

Increased concern over CEII abuses

The Coalition (and others) have long complained that FERC's CEII designation process encourages abuse by allowing utilities to designate information as CEII without any meaningful review. Some utilities have blatantly abused the system by incorrectly labeling non-critical information as CEII in order to restrict public access. A more common practice is to combine information that should not be restricted with legitimate CEII information in a single submission, thus keeping all of the information hidden from the public.

In its order, FERC reminds utilities that they should segregate CEII and non-CEII information and provide a justification for why information has been designated as CEII. FERC also appears to be putting utilities on notice that blatant abuse will not be tolerated, writing that the Commission "will take action against applicants or parties who knowingly misfile information as CEII, including rejection of an application where information is mislabeled as CEII or where a legal justification is not provided."