Recommendation: FERC should use available information, such as reports by transmission pipeline operators on service interruptions, to identify and assess risks to the reliability of natural gas transmission service. (Recommendation 1)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: FERC should develop and document an approach to respond, as appropriate, to risks it identifies to the reliability of natural gas transmission service. (Recommendation 2)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

Recommendation: FERC should review its current interagency agreements that pertain to its onshore LNG permitting process, and implement any needed updates. FERC's review should include input from cooperating agencies and CEQ. (Recommendation 1)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In FERC's comments on a draft of our report, the Chairman of the Commission agreed with our findings and recommendations and stated that he has directed FERC staff to develop appropriate steps to implement the recommendations.

Recommendation: Once FERC has completed the review and implemented any necessary updates to interagency agreements, FERC should establish a process to regularly conduct such reviews and, as necessary, update the agreements. (Recommendation 2)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In FERC's comments on a draft of our report, the Chairman of the Commission agreed with our findings and recommendations and stated that he has directed FERC staff to develop appropriate steps to implement the recommendations.

Recommendation: FERC should review its LNG regulations and replace the reference to the outdated 1984 earthquake standard. (Recommendation 3)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In FERC's comments on a draft of our report, the Chairman of the Commission agreed with our findings and recommendations and stated that he has directed FERC staff to develop appropriate steps to implement the recommendations.

Recommendation: FERC should establish a process to conduct a standards-specific review of regulations that incorporate standards every 3 to 5 years and to update the regulations, if necessary. (Recommendation 4)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In FERC's comments on a draft of our report, the Chairman of the Commission agreed with our findings and recommendations and stated that he has directed FERC staff to develop appropriate steps to implement the recommendations.

Recommendation: FERC should consider our assessment and determine whether to direct the North American Electric Reliability Corporation (NERC) to adopt any changes to its cybersecurity standards to ensure those standards more fully address the NIST Cybersecurity framework and address current and projected risks. (Recommendation 2)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In August 2020, FERC officials told GAO that the Commission assembled a team to conduct a technical analysis to develop a plan with appropriate next steps to address GAO's recommendations. As part of this effort, FERC issued two documents. In June 2020, FERC issued a Notice of Inquiry seeking comments on (1) whether NERC's cybersecurity standards adequately address certain NIST Cybersecurity Framework categories, and (2) whether modifications to the cybersecurity standards would be appropriate to address the potential risk of a coordinated cyberattack on geographically distributed targets. Additionally, in June 2020, FERC issued a white paper exploring a new framework for providing incentives to transmission facilities for cybersecurity investments that exceed the requirements of NERC's cybersecurity standards. The incentives are designed, in part, to incentivize cybersecurity investments by facilities that are not covered by NERC's cybersecurity standards, according to FERC officials. As of October 2020, this recommendation remains open.

Recommendation: FERC should (1) evaluate the potential risk of a coordinated cyberattack on geographically distributed targets and, (2) based on the results of that evaluation, determine whether to direct NERC to make any changes to the threshold for mandatory compliance with requirements in the full set of cybersecurity standards. (Recommendation 3)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In August 2020, FERC officials told GAO that the Commission assembled a team to conduct a technical analysis to develop a plan with appropriate next steps to address GAO's recommendations. As part of this effort, FERC issued two documents. In June 2020, FERC issued a Notice of Inquiry seeking comments on (1) whether NERC's cybersecurity standards adequately address certain NIST Cybersecurity Framework categories, and (2) whether modifications to the cybersecurity standards would be appropriate to address the potential risk of a coordinated cyberattack on geographically distributed targets. Additionally, in June 2020, FERC issued a white paper exploring a new framework for providing incentives to transmission facilities for cybersecurity investments that exceed the requirements of NERC's cybersecurity standards. The incentives are designed, in part, to incentivize cybersecurity investments by facilities that are not covered by NERC's cybersecurity standards, according to FERC officials. As of October 2020, this recommendation remains open.

Recommendation: FERC should provide standard language and procedures to its staff on how to record information collected during inspections, including how and where to record information about safety deficiencies, in order to facilitate analysis of safety deficiencies across FERC's portfolio of regulated dams. (Recommendation 1)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In February 2020, GAO confirmed that FERC had developed new standard operating procedures related for tracking deficiencies and follow-up items arising from dam safety inspections and other dam safety reviews. In addition, FERC told GAO that they plan to update their tracking system beginning in fiscal year 2021, which will facilitate the complete recording and subsequent analysis of safety deficiencies from inspections across FERC's portfolio of regulated dams. GAO will continue to monitor FERC's efforts to implement this recommendation.

Recommendation: FERC should use information from its inspections to assess safety risks across its portfolio of regulated dams to identify and prioritize safety risks at a national level. (Recommendation 2)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: In January 2019, FERC told GAO that it had begun developing a screening-level risk-assessment program to assess safety risks across the inventory of regulated dams and to help guide safety decisions. In February 2020, GAO confirmed that FERC had completed this screening-level risk assessment, and conducted some preliminary analysis of the results. In addition, FERC told GAO that the results of the screening level risk analyses will be used to revise the potential timing, frequency, and technical disciplines represented on dam safety inspections; to confirm or revise the urgency of existing and potential new follow up dam safety actions; and to identify previously unrecognized dam safety concerns and issues; to identify new dam safety priorities. GAO will continue to monitor FERC's efforts to implement this program.

Recommendation: FERC should regularly assess the overall performance of capacity markets by developing goals for assessing capacity market performance, measuring the performance of capacity markets against these goals, and using performance information to make changes as needed to capacity markets. To do so, FERC should leverage data and information already being collected by FERC, the RTOs, and the independent market monitors. (Recommendation 2)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: As of May 2020, FERC is in the process of taking steps to address this recommendation.

Recommendation: FERC should develop and document an approach to regularly identify, assess, and respond to risks that capacity markets face. (Recommendation 3)

Agency: Federal Energy Regulatory Commission
Status: Open

Comments: As of May 2020, FERC is in the process of taking steps to address this recommendation.