On Oct. 26, FERC published a notice of proposed rulemaking (NOPR) indicating it is considering approval of new procedures recommended by NERC for increasing the security of the U.S. bulk electric system (BES). Comments regarding the NOPR are due on Dec. 26, 2017. The proposal entitled: “Revised Critical Infrastructure Protection Reliability Standard CIP-003-7 – Cyber Security – Security Management Controls” clarifies the obligations pertaining to electronic access control for low impact BES Cyber Systems. It does this by adopting mandatory security controls for transient electronic devices such as thumb drives, laptop computers, and other portable devices frequently connected to computer systems used at low impact BES cyber systems, and by requiring responsible entities to have policies for responding to CIP Exceptional Circumstances related to such systems.
Given this timely additional attention to cybersecurity, it is well worthwhile going to the U.S. DOE’s Office of Electricity Delivery and Energy Reliability (OE) cybersecurity website to review the work underway in the OE’s Cybersecurity for Energy Delivery Systems (CEDS) program to enhance the reliability and resilience of the nation's energy infrastructure. At their site, one can review summaries of CEDS research and down load fact sheets on numerous projects. The projects range from identifying and mitigating risks associated with cloud-based power grid applications to card reader and controller technology for physical and cybersecurity access; cyberattack detection and defense for transmission, distribution, HVDC and DER systems; secure wireless communications and much, much more.
