FERC Moves to Boost Grid Security

Friday, October 20, 2017 @ 03:10 PM gHale


Federal Energy Regulatory Commission (FERC) proposed new cyber security management controls to enhance the reliability and resilience of the nation’s bulk electric system.

“FERC proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security ñ Security Management Controls), which is designed to mitigate cyber security risks that could affect the reliable operation of the Bulk-Power System,” FERC officials said.

RELATED STORIES
CIP Reliability Audit Lessons Learned
Utility Execs Fear Grid Attacks: Report
Power Grid Compromise
AI to Prevent Grid Failures

The new standard will particularly improve on existing standards for access control, “by clarifying the obligations that pertain to electronic access control for low-impact cyber systems; adopting mandatory security controls for transient electronic devices, such as thumb drives and laptop computers; and requiring responsible entities to have a policy for declaring and responding to CIP exceptional circumstances related to low-impact cyber systems,” officials said in a post.

FERC also said the North American Electric Reliability Corp (NERC) should develop criteria for mitigations against the risks resulting from any malware that could come from third-party transient devices.

“These modifications will address potential gaps and improve the cyber security posture of entities that must comply with the CIP standards,” FERC said.

“Regulation governing power grid cyber risks is not new as, for almost a decade, the introduction of various controls have sought to keep pace with evolving threats to this sector,” said Edgard Capdevielle, chief executive of Nozomi Networks. “Despite the way in which threats, including malware, are deployed – be it from spear phishing, infected laptops or compromised USB drives, it is unquestionable that it poses a serious risk. Whether compelled by regulation or not, the identification of malware within utilities is prudent and thankfully, due to advances in technology, is now a relatively simple process that grid operators can implement to ensure infections don’t affect their system operations.”



Leave a Reply

You must be logged in to post a comment.