From: Mondaq
Article by Jonathan G. Cedarbaum and Nathaniel Custer | WilmerHale
The Federal Energy Regulatory Commission (FERC) published a notice of proposed rulemaking (NPRM) on October 26, suggesting updates to the Critical Infrastructure Protection (CIP) Reliability Standard governing cybersecurity management controls for bulk electric system (BES) assets, called CIP-003.1 The CIP program is a collection of standards designed to address the security of the bulk power system. Standards, and revisions thereto, are developed by the North American Electric Reliability Corporation (NERC) and are made mandatory and enforceable through acceptance and promulgation by FERC. CIP-003 governs “security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability.”2
FERC Order 822
NERC developed the proposed revision, from the sixth version of CIP-003 to the proposed seventh version, in response to FERC Order 822. In that order, FERC directed NERC to revise CIP-003 (1) to clarify the obligations of operators of low impact BES Cyber Systems with respect to protecting against access from external users or devices and (2) to articulate standards for protecting against threats from transient devices, such as thumb drives.3 NERC’s revisions to CIP-003 address both directives, and FERC proposes to implement the standard as revised, while also proposing to direct NERC to make further refinements in each of these two areas.
Leave a Reply