Energy regulators’ proposal to name violators of cyber standards complicated by cost, liability concerns

A debate on whether energy-sector regulators should reveal the identity of entities in violation of reliability standards for critical infrastructure protection is drawing attention to issues of liability and potential unintended impacts of compliance costs.

“When you put a name on it, it puts liability and the shareholder issue out there,” Melissa Hathaway, who directed strategic policy initiatives under Presidents George W. Bush and Barack Obama, told Inside Cybersecurity.

Hathaway was asked to comment on a proposal by staff...