FERC proposes to approve reliability standards to mitigate cybersecurity risks

Published on January 22, 2018 by Kevin Randolph

The Federal Energy Regulatory Commission (FERC) recently proposed to approve new mandatory Reliability Standards to address cybersecurity risks related to the supply chain for grid-related cyber systems.

The North American Electric Reliability Corporation (NERC) proposed the standards in response to a FERC order directing it to do so.

FERC’s recent Notice of Proposed Rulemaking (NOPR) concludes that the proposals represent substantial progress in addressing supply chain cybersecurity risks, but also identifies significant remaining risks. FERC noted that the proposed standards exclude Electronic Access Control and Monitoring Systems (EACMS), Physical Access Controls (PACs), and Protected Cyber Assets (PCAs).

To address these gaps, FERC proposed to direct NERC to add measures regarding EACMS associated with medium- and high-impact bulk electric system cyber systems into the Reliability Standards as well as to assess the risks associated with PACs and PCAs as part of a study proposed by the NERC Board.

The NOPR will be available for comments for 60 days after publication in the Federal Register.

In a separate order, FERC also approved several new Emergency Preparedness and Operations (EOP) Reliability Standards.

The standards require accurate reporting to NERC’s event analysis group, define the responsibilities of entities that support system restoration from blackstart resources, clarify the procedures and coordination requirements for reliability coordinator personnel to perform system restoration processes, and enhance an operating plan used to enable continued reliable operation following the loss of primary control functionality.