The office will let FERC set best practices and communicate with private-sector firms about cyber vulnerabilities through “existing statutory authority,” the regulator said in a Thursday statement.