[co-author: Shawn Whites] Building off its White Paper issued last summer, the Federal Energy Regulatory Commission (FERC or the “Commission”) has proposed changes to its regulations that would encourage more robust investment in cybersecurity infrastructure. The notice of proposed rulemaking (NOPR) provides incentive rate treatment for voluntary utility investments that go “above and beyond” FERC’s mandatory cybersecurity standards. Comments on the NOPR are due April 6. The Commission’s Critical Infrastructure Protection (CIP) Reliability Standards require users, owners and operators of the “bulk-power system” 1 to safeguard critical cyber assets. FERC categorizes assets based on the risk to the bulk-power system if the assets are compromised, with different requirements applying depending on the risk category. Most of the requirements apply to the high- and medium-risk categories.