FERC proposes new cybersecurity controls
The Federal Energy Regulatory Commission (FERC) recently proposed new cybersecurity management controls for low-impact, bulk electric system cyber systems to further enhance the reliability and resilience of the United State’s bulk electric system.
The proposal clarifies obligations related to electronic access control for low-impact cyber systems, adopting mandatory security controls for transient electronic devices and policies for declaring and responding to CIP exceptional circumstances related to low-impact cyber systems
The proposal, Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security – Security Management Controls), updates the current Commission-approved CIP standards
The Notice of Proposed Rulemaking also proposes to direct the North American Electric Reliability Corp. (NERC) to provide criteria for electronic access controls for low-impact cyber systems and to address risks associated with malicious code that could come from third-party transient electronic devices.
In a separate order, the commission accepted NERC’s preliminary geomagnetic disturbance (GMD) research work plan, which identifies nine GMD-related research areas and sets an estimated time frame for their completion. The order directed NERC to file a final plan within six months and provides guidance on how to prioritize the GMD research.
