FERC, NERC report highlights response, recovery planning for cyber incidents
A new report published by the staff of the Federal Energy Regulatory Commission (FERC) and North American Electricity Reliability Corporation (NERC) this week showcased cyber incident responses and recovery best practices for electric utilities.
The staff noted that effective IRR plans help address cyber threats and should be in place — along with response teams — in advance of the need to detect, contain and eradicate cyber threats before they can do harm.
In that regard, the report identified effective IRR plans as those containing well-defined and constantly learning personnel, empowered to act and held accountable, while being supported by technology and automated tools. Other best practices include the utilization of baselines for personnel to quickly detect significant deviations from normal operations, removal of external connections when activated, evidence collection and analysis of compromises, consideration of how incident responses could impact resources, and implementation of lessons learned from previous incidents and simulations.
These findings were based on eight utilities’ Incident Response and Recovery (IRR) plans, as well as their varying scope, computer security events and incidents, staff responsibilities, levels of authority for response, reporting requirements, external communications demands and info requirements, and performance evaluation procedures.
