Skip to main content
close search
site logo
Dive Brief

NERC seeks to bolster grid security with improved cyber protocols

Published July 25, 2016
Robert Walton's headshot
Senior Reporter
Flcikr user Yuri Samoilov

Dive Brief:

  • Federal regulators have directed the North American Electric Reliability Corp. (NERC) to develop an improved cybersecurity protocol to protect the nation's electric grid, calling for a supply chain risk management standard that protects both information systems and related bulk electric system assets, Smart Grid News reports. 
  • The Federal Energy Regulator Commission directed NERC to develop a "forward-looking, objective-based" reliability standard that requires security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations.
  • Also, FERC is considering changing Critical Infrastructure Protection (CIP) standards regarding the protection of control centers that are used to monitor and control the bulk electric system in real-time, and has issued a Notice of Inquiry. 

Dive Insight:

FERC is calling for improved cybersecurity across all parts of the grid, but rather than a uniform approach, is instead directing transmission owners to develop plans specific to their own needs.

"There is no requirement for any specific controls, nor does FERC require any 'one-size-fits-all' requirements," the agency said in an announcement. But the standard should four aspects: software integrity and authenticity; vendor remote access; information system planning; and vendor risk management and procurement controls. 

"The new or modified Reliability Standard should instead require responsible entities to develop a plan to meet the four objectives while providing flexibility to responsible entities as to how to meet those objectives," FERC said.

The final rule will be publiushed in the Federal Register and go into effect 60 days after.

FERC is also taking comments on plans to modify CIP standards regarding the protection of control centers that are used to monitor and control the bulk electric system in real-time. The agency pointed to the 2015 cyberattack in Ukraine, and the resulting blackout, as "an example of how cyber systems used to operate and maintain interconnected networks more efficiently can have the unintended effect of creating cyber vulnerabilities."

FERC said it is seeking comment on possible modifications to address separation between the internet and the cyber systems in control centers that perform transmission operator functions, and computer administration practices that prevent unauthorized programs from running.

A simulated attack on the North American electric grid last year showed the power industry had made progress in protecting the system, but NERC also issued a report calling for improvements in communications, including upgrading the Electricity Information Sharing and Analysis Center portal and enhancing coordination with law enforcement.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
General Atlantic’s BeyondNetZero Fund and TA Partner to Drive Continued Growth of Technosylva
From Technosylva
November 21, 2024
Utility Broadband Alliance 2024 Summit & Plugfest Shatters Attendance Milestone
From Utility Broadband Alliance
November 21, 2024
Technosylva and KatRisk Join Forces to Expand Wildfire Management and Catastrophe Risk Modelin…
From Technosylva
November 18, 2024
Puget Sound Energy Maximizes Consumer Participation in Rates Engagement Pilot Powered by Uplig…
From Uplight
November 12, 2024
Editors' picks
Latest in Transmission & Distribution
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell