PHI’s Rigby Joins Presidential Meeting on Cybersecurity

Tuesday, October 29, 2013

WASHINGTON, D.C. — Joseph M. Rigby, chairman, president and CEO of Pepco Holdings Inc., joined other business leaders from the finance, information technology and defense sectors today to meet with President Obama and senior advisors on a preliminary cybersecurity framework for owners and operators of critical infrastructure.

The National Institute of Standards and Technology (NIST), part of the Department of Commerce, led development of the framework in response to an executive order by President Obama in February. The voluntary NIST framework is intended to assist organizations in developing, operating and continuously evolving cybersecurity protections for their critical infrastructure and information.

PHI was asked to participate because of its industry leadership in support of the passage of cybersecurity legislation and because we have been very supportive of the executive order and have volunteered to be among the first utilities to have the framework applied.

NIST last week issued the cybersecurity framework and has asked for public comment within 45 days. NIST is expected to review those comments and have the final framework set for initial voluntary application in February 2014.

To successfully implement cybersecurity practices in conformance with the federal framework, individual states also should support the framework and provide prompt recovery of investments made for cybersecurity, Rigby said.

“It is important that the federal government and the states speak with one voice on cybersecurity and support the recovery of costs of protecting critical infrastructure and information against the perpetrators of cyber attacks. We expect these expenses to continue to rise as standards evolve and new threats arise,” Rigby said.

Rigby commended NIST for its transparent and inclusive process to develop the draft framework, which includes input from the electric power sector.

Edison Electric Institute (EEI), a national association of shareholder-owned electric companies, has made several points throughout the process to develop the framework:
  • Be high level and flexible to ensure that the cybersecurity framework can be adapted to the nation’s diverse critical infrastructure sectors, without unintended consequences
  • Build upon each sector’s existing processes, standards and guidance, including the sector-specific regulatory standards that already exist in the electric and nuclear industries
  • Avoid time-consuming and unnecessary duplication of efforts
  • Preserve and build upon existing public-private partnerships
  • Be risk based and cost effective
“We believe the partnership between the government and affected industries is critical to ensure preparation and readiness, and today’s meeting is evidence of the commitment of stakeholders to work together to protect against cyber threats,” Rigby said.


Pepco Holdings, Inc. (NYSE: POM) is one of the largest energy delivery companies in the Mid-Atlantic region, serving about 2 million customers in Delaware, the District of Columbia, Maryland and New Jersey. PHI subsidiaries Pepco, Delmarva Power and Atlantic City Electric provide regulated electricity service; Delmarva Power also provides natural gas service. PHI also provides energy efficiency and renewable energy services through Pepco Energy Services.