FERC Takes Action on Cybersecurity in Response to Ukrainian Cyber Attacks

Aug 10

From: JDSupra Business Advisor

byJason WoolAlston & Bird

***
In the NOI, the Commission seeks comments on possible modifications to the Critical Infrastructure Protection (“CIP”) Reliability Standards developed and managed by the North American Electric Reliability Corporation (“NERC”) pursuant to Section 215 of the Federal Power Act. These modifications would require isolation between the Internet and certain critical cyber systems in control centers performing transmission operator functions “through use of physical (hardware) or logical (software) means.”  The modifications would also require the use of application whitelisting for the same critical systems in all control centers.  Application whitelisting is a security practice in which only specifically authorized applications are able to execute on a particular computer.

***

In the Final Rule (deemed Order No. 829), the Commission directs NERC to develop a new or modified Reliability Standard concerning “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”  While the Final Rule provides NERC with flexibility as to how to meet FERC’s requirements, its new or modified Reliability Standard must meet certain minimum criteria.  This includes the creation of a plan by jurisdictional electric utilities addressing four security objectives: (1) software integrity and authenticity, (2) vendor remote access, (3) information system planning, and (4) vendor risk management and procurement controls.

Read Complete Article

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *