The Federal Energy Regulatory Commission (FERC) has approved the revision of seven critical infrastructure protection (CIP) Reliability Standards on Thursday, including requirements for personnel and training, as well as the physical security of the bulk electric system’s cyber systems and information protection.
The revisions were primarily made to improve the overall cybersecurity of the bulk electrical system. The final rule changes taking place on the 21st were originally approved in a July 16 Notice of Proposed Rulemaking.
The North American Electric Reliability Corporation has also been directed to develop modifications to address multiple different sections of the bulk electrical grid. These new protections will include increased protection of transient electronic devices used at low-impact bulk electric system cybersystems. There will also be protections for communication network components between control centers, as well as a refinement of the definition for low-impact external routable connectivity.
In addition to these revisions, FERC has also determined that there is a need for a comprehensive study on the effectiveness of the CIP remote access controls,
the risks posed by remote access-related threats and vulnerabilities, and appropriate mitigating controls.
A new proposal to develop requirements for supply chain management for control system hardware, software and services will be held on January 28.