The Energy Collective Group
This group brings together the best thinkers on energy and climate. Join us for smart, insightful posts and conversations about where the energy industry is and where it is going.
Shared Link
REA's comments filed on FERC Docket RM20-19-000 supporting cybersecurity enhancements for the Bulk Electric System
FERC's Notice of Inquiry is available here. Here is the main point of my filed comments:
REA recommends the adoption of best practices for software supply chain risk assessments within the NERC CIP standards that leverages years of lessons learned and best practices from the Department of Defense, Department of Commerce (NIST/NTIA), Department of Energy and Industry groups, i.e. Edison Electric Institute, that have developed guidelines to identify and mitigate risks in a software supply chain.
REA recommends enhancements to the NERC CIP-010-3 Part 1.6 standards requiring a BES entity “to conduct a comprehensive software supply chain risk assessment based on the NIST Cybersecurity Framework V1.1, utilizing a Software Bill of Materials (SBOM), as a starting point for the risk assessment.
I encourage other parties with a vested intererst in protecting the Nation's Electric Grid from cybersecurity threats to also file comments with FERC on docket RM20-19-000
Energy Central hosted a PowerSession on 8/12/2020 that you may wish to consider to help in understanding software supply chain risk assessment steps: Cybersecurity on the U.S. Power Grid: Software Supply Chain Risks and Mitigations for NERC CIP-010-3 [an Energy Central PowerSession™]
You will also find a follow-up "Happy Hour" recording held approximately one week after the PowerSession to address audience questions. On Demand - Cybersecurity on the U.S. Power Grid: Software Supply Chain Risks and Mitigations for NERC CIP-010-3 - Happy Hour Follow-up Discussion
REA's comments filed on FERC Docket RM20-19-000 supporting cybersecurity enhancements for the Bulk Electric System
Today, Reliable Energy Analytics, LLC filed comments on FERC Docket RM20-19-000 in response to FERC's request for comments regarding "modifications to the CIP Standards would minimize risks associated with equipment and services"
- Gas-Electric Harmonization Initiative in NAESB is on track to succeed
- FERC commissioners pursue market, non-market answers to ISO-NE’s ‘dire’ winter reliability risks
- Utilities That Lack a Data Analytic Platform are Driving Blind and at Risk
- OMB Memo Identifies Best Practices for Software Supply Chain Protections
Discussions
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Your access to Member Features is limited.
Sign in to Participate