
'Maybe it's not the right approach anymore' — FERC Chair Glick mulls new security paradigm for power sector
There are several good reasons to rethink the current cybersecurity paradigm to protect the entire electric Grid:
- NERC policies are limited to the Bulk Electric System only; this becomes a bigger issue as more DER comes onto the Grid, per FERC Order 2222. These DER devices should also be protected against cyber threats, which NERC does not cover today.
- NERC's 15-minute rule, used to decide which assets are subject to cybersecurity requirements, enables threat actors to use tactics, techniques and procedures that "get around" the 15-minute rule by implementing attacks that occur outside of the 15-minute window. The 15-minute rule is bad for grid cybersecurity. All grid cybersecurity risks with a high potential impact and high likelihood, following NIST standards, should be addressed, regardless of how long the risk takes to manifest in grid impacts.
- NERC E-ISAC is a closed community that does not allow cyber security information reporting and dissemination with parties outside of NERC BES. Incident reporting is critically important to helping secure the grid; legislation is proceeding in Congress that will make CISA the reporting entity for cyber incidents across all critical infrastructure, not just the BES as NERC provides.
- NERC lacks the level of cybersecurity expertise that exists with CISA. CISA has the cybersecurity experts that the entire Nation depends on. It makes sense to put our cybersecurity experts at CISA in charge of cybersecurity policies to protect the electric grid, in its entirety, along with other interdependent critical infrastructure, i.e. Gasoline, Oil, Natural Gas, Communications, Transportation, Water, Healthcare and others.
I agree with FERC Chairman Glick: it's time to rethink cyber security policies and administration across the BES and indeed the entire electric grid.
'Maybe it's not the right approach anymore' — FERC Chair Glick mulls new security paradigm for power sector
The electric industry is considering a new approach to securing "low-impact" grid assets, which have typically had fewer protections in place but are increasingly seen as vulnerable to cyberattacks.