The Federal Energy Regulatory Commission (FERC) moved to strengthen the cyber security of the bulk electric system today with a proposed rule that would extend the scope of the systems that are protected by cyber security standards.
The proposal, submitted in January 2013 by the North American Electric Reliability Corporation (NERC), constitutes version 5 of the Critical Infrastructure Protection Reliability Standards, or CIP standards. The proposal is intended to improve the security posture of responsible entities and represents an improvement in the CIP standards.
The proposal includes 12 requirements with new cyber security controls that address Electronic Security Perimeters, Systems Security Management, Incident Reporting and Response Planning, Recovery Plans for BES Cyber Systems, and Configuration Change Management and Vulnerability Assessments. It also would use a new, tiered approach to identifying and classifying bulk electric system cyber assets that is a step toward applying CIP protections more comprehensively to better assure protection of the bulk electric system.
The Commission is seeking comment on certain language in the proposed CIP version 5 Standards to alleviate concerns regarding the potential ambiguity and, ultimately, enforceability of the proposed Standards.
NERC is the FERC-certified Electric Reliability Organization for the bulk electric system. Comments on the proposed rule are due 60 days after publication in the Federal Register.