The Federal Energy Regulatory Commission (FERC) recently expanded the reporting requirements for cybersecurity incidents involving attempts to compromise the operation of the grid.
The new Critical Infrastructure Protection Reliability Standard CIP-008-6 (Cyber Security – Incident Reporting and Response Planning) requires the reporting of cybersecurity incidents that either compromise or attempt to compromise Electronic Security Perimeters, Electronic Access Control or Monitoring Systems and Physical Security Perimeters associated cyber systems. The new standard also includes disruptions or attempts to disrupt the operation of a bulk electric system cyber system.
The standard requires each responsible entity to establish criteria for identifying attempts to compromise a cyber asset and apply those criteria in its cybersecurity incident identification process. This approach provides entities the flexibility to develop criteria appropriate to their systems, FERC said.
The new standard also addresses the information to be included in Cyber Security Incident reports, their dissemination and deadlines for filing. It requires entities to send reports and updates to the Electricity Information Sharing and Analysis Center and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.
“Defending our nation’s electric grid against cybersecurity threats is one of the Commission’s most pressing challenges,” FERC Chairman Neil Chatterjee said. “It is vital that we ensure that NERC and the Department of Homeland Security have all the information needed to understand the evolving threat landscape for industrial control systems.”
Previously, under the Critical Infrastructure Protection Reliability Standards, entities were only required to report incidents that compromised or disrupted one or more reliability tasks.
FERC previously directed the North American Electric Reliability Corporation (NERC) to enhance the reporting of cybersecurity incidents, citing concerns that existing standards may understate the scope of threats by excluding incidents from reporting that could facilitate subsequent efforts to harm the reliable operation of the grid.
Louisville Gas and Electric Company (LG&E) and Kentucky Utilities (KU) issued a Request for Proposals (RFP) for new solar, wind,…
Wyoming gained its first solar facility this week, and Southern Power its 30th, with the beginning of operations at the…
Three project teams led by Exelon engineers recently earned honors from the Electric Power Research Institute’s (EPRI) 2024 Technology Transfer…
A coalition of more than 40 organizations and companies is urging Congress to provide robust funding for electric transmission deployment…
The Department of Energy (DOE), along with U.S. Department of the Treasury and the Internal Revenue Service (IRS) issued guidance…
In a bid to diversify its energy portfolio and improve winter reliability, Ameren Illinois recently announced plans to upgrade infrastructure…
This website uses cookies.