From: Utility DIVE
Dive Brief:
- Federal regulators have approved revisions to cybersecurity rules surrounding “transient electronic devices,” such as thumb drives and laptops, in the latest effort by the energy sector to shore up its defenses.
- The Federal Energy Regulatory Commission on Thursday issued a final rule approving a revised Critical Infrastructure Protection reliability standard. The rule directs the North American Electric Reliability Corp. to make changes to standards to “further mitigate the risk of malicious code” from some transient devices.
- The power industry is increasingly on alert in the face of growing cyber threats, and federal regulators have been refining rules and requirements. But NERC did not report any cyber incidents in 2015 and 2016, and as a result FERC, is also considering changes to mandatory reporting of cybersecurity issues.
Dive Insight:
FERC directed NERC to revise security standards for third-party transient electronic devices connected to low impact bulk electric system (BES) cyber systems. The devices are among a wide array of potential threats to the electric grid, along with spear phishing attacks and efforts to compromise industrial control systems.
In a statement, NERC said the revised standard represents “the next stage in cyber security standards, improving base-line cyber security posture of responsible entities.”
Leave a Reply