FERC report provides recommendations based on lessons learned from CIP reliability audits

Published on April 02, 2019 by Kevin Randolph

Federal Energy Regulatory Commission (FERC) staff recently issued a report providing recommendations to help users, owners and operators of the bulk-power system evaluate their risks, compliance efforts and overall cyber security posture.

The recommendations in the report are based on lessons learned from non-public audits of several registered entities of the Bulk Electric System during fiscal year 2018 as well as staff reviews of emerging advanced cyber and physical threats to energy infrastructure.

“These lessons learned will help improve the security of the nation’s electric grid, strengthen cybersecurity and help facilitate compliance with mandatory reliability standards,” FERC said in a news release.

FERC’s Office of Electric Reliability conducted the audits with assistance from its Office of Enforcement and in collaboration with the North American Electric Reliability Corporation (NERC) and its regional entities. FERC’s Office of Energy Infrastructure Security assisted with analyzing the audit data.

The report’s recommendations include implementing valid Security Certificates within the boundaries of BES Cyber Systems, with encryption strong enough to ensure proper authentication of internal connections; implementing encryption for Interactive Remote Access that is strong enough to protect the data sent between the remote access client and the BES Cyber System’s Intermediate System; and replacing or upgrading “End-of-Life” system components of an applicable Cyber Asset.

The audits evaluated the registered entities’ compliance with the applicable Critical Infrastructure Protection (CIP) Reliability Standards and identified other possible areas for improvement not specifically addressed by the CIP Reliability Standards.