FERC Directs NERC To Tighten Bulk Electric System Cybersecurity
- Jan 30, 2023 6:26 pm GMT
These Reliability Standards will apply to all high impact BES Cyber Systems with and without external routable connectivity—i.e., a high-speed internet connection6—and medium impact BES Cyber Systems with external routable connectivity.7
The Final Rule will become effective 60 days after publication in the
New Acting Chairman
Under the current NERC CIP Reliability Standards, network security monitoring requirements focus on defending the electronic security perimeter—such as through access point controls and monitoring for malicious communications—rather than on potential vulnerabilities of the internal network.13 Adding INSM requirements is "designed to address as early as possible situations where perimeter network defenses are breached by detecting intrusions and malicious activity within a trust zone."14It consists of: (1) collection; (2) detection; and (3) analysis.15 These three stages together "provide the benefit of early detection and alerting of intrusions and malicious activity."16 Early detection and response can, in turn, "reduce the likelihood that an attacker can gain a strong foothold, including operational control, on the target system."17 INSM can also enable "collection of data and analysis required to implement a defense strategy, improves an entity's incident investigation capabilities, and increases the likelihood that an entity can better protect itself from a future cyberattack and address any security gaps the attacker was able to exploit."18
While "NERC has flexibility in developing the content of INSM requirements, the new or modified CIP Reliability Standards must address [certain] specific concerns"
As to other BES Cyber Systems not covered by the new or revised Reliability Standards,
NERC Study Regarding Lower-Impact Systems
In NERC's study of such BES Cyber Systems,
Entities that own or operate high impact BES Cyber Systems with and without external routable connectivity and medium impact BES Cyber Systems with external routable connectivity should, at a minimum, continue to monitor NERC's Reliability Standards development process and consider participating in that process and/or the
1. Internal Network Sec. Monitoring for High & Medium Impact Bulk Elec. Sys. Cyber Sys., Order No. 887, 182
2. Final Rule at P 20. See also id. at PP 39, 50.
3. Id. at P 3. See also id. at PP 19, 80.
4. Id. at PP 15, 50.
5. Id. at P 15. See also id. at PP 3, 50.
6. "External routable connectivity" is the "ability to access a BES Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection." Id. n.3 (quoting NERC, Glossary of Terms Used in NERC Reliability Standards (2022) (NERC Glossary), https://www.nerc.com/pa/Stand/Glossary%20of%20Terms/Glossary_of_Terms.pdf).
7. Id. at P 1. NERC's CIP Reliability Standards categorize BES Cyber Systems "as high, medium, or low impact depending on the functions of the assets housed within each system and the risk they potentially pose to the reliable operation of the Bulk-Power System." Id. n.2. The designated impact level then "determines the applicability of security controls for BES Cyber Systems that are contained in the remaining CIP Reliability Standards (i.e., Reliability Standards CIP-003-8 to CIP-013-1)" as they currently exist. Id. In early 2022,
8. E.g., FERC News Release at 1.
9. Final Rule at PP 1, 88.
10. Id. at P 104.
11. E.g., id., at PP 1, 6.
12. FERC News Release at 1.
13. See, e.g., Final Rule at PP 3, 14.
14. Id. at P 9.
17. Id. at P 13.
18. Id. at P 49.
19. Id. at P 5.
23. Id. (footnotes omitted). See also id. at P 77.
24. Id. at P 88.
25. Id. at P 7. See also id. at P 88.
26. Id. at P 7. See also id. at PP 31, 88.
27. E.g., id. at P 91.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
E-mail: Jlarivee@akingump.com; firstname.lastname@example.org
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network® is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Sign in to Participate