Federal Energy Regulatory Commission staff issue report based on Critical Infrastructure Protection audits

Published on October 08, 2019 by Kevin Randolph


Warning: Undefined variable $post_id in /var/www/dailyenergyinsider.com/wp-content/themes/dei/single.php on line 31

Warning: Undefined variable $post_id in /var/www/dailyenergyinsider.com/wp-content/themes/dei/single.php on line 36
© Shutterstock

Federal Energy Regulatory Commission (FERC) staff recently issued a report that provided recommendations to users, owners, and operators of the bulk-power system on improving their compliance with mandatory Critical Infrastructure Protection (CIP) standards and their overall cybersecurity posture.

The report is based on non-public CIP audits of registered entities conducted by staff from FERC’s Office of Electric Reliability and Office of Enforcement in collaboration with staff from the North American Electric Reliability Corporation and its regional entities. The audits found that most of the cybersecurity protection processes and procedures the entities adopted met the mandatory requirements of the standards.

The report assesses compliance with CIP reliability standards and offers recommendations regarding cybersecurity practices that are voluntary.

The report recommends that entities consider all generation assets, regardless of ownership, when categorizing bulk electric system cyber systems associated with transmission facilities. It also recommends ensuring that all employees and third-party contractors complete training and that training records are adequately maintained, verifying employees’ recurring authorizations for using removable media and reviewing firewalls to ensure that no obsolete or overly permissive firewall access control rules are in use.