In a new Notice of Proposed Rulemaking and a new Order, the Federal Energy Regulatory Commission (FERC) is keeping key grid security issues front and center.
First, FERC’s revision to its Critical Infrastructure Protection (CIP) standard was issued on October, 19, 2017. Titled “New Security Management Controls for Grid Cyber Systems,” the NOPR involves new cyber security management controls to further enhance the reliability and resilience of the nation’s bulk electric system. These include mandatory controls to address the risks posed by malware from transient electronic devices like laptop computers, thumb drives and other devices used at low-impact bulk electric system cyber systems.
FERC also issued an acceptance of NERC’s preliminary geomagnetic disturbance (GMD) research work plan and directed that NERC file a final plan within six months.
NERC CIP Cyber Protection
FERC proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security – Security Management Controls), which is designed to mitigate cyber security risks that could affect the reliable operation of the Bulk-Power System. The proposed standard improves upon the current Commission-approved CIP standards by clarifying the obligations that pertain to electronic access control for low-impact cyber systems; adopting mandatory security controls for transient electronic devices, such as thumb drives and laptop computers; and requiring responsible entities to have a policy for declaring and responding to CIP exceptional circumstances related to low-impact cyber systems.
The Notice of Proposed Rulemaking also proposes to direct the North American Electric Reliability Corp. (NERC) to develop modifications to provide clear, objective criteria for electronic access controls for low-impact cyber systems and to address the need to mitigate the risk of malicious code that could result from third-party transient electronic devices. These modifications will address potential gaps and improve the cyber security posture of entities that must comply with the CIP standards.
FERC’s Geomagnetic Disturbance Research order
In a separate order, FERC accepted NERC’s preliminary geomagnetic disturbance (GMD) research work plan and directed that NERC file a final plan within six months. The work plan identifies nine GMD-related research areas and sets an estimated time frame for their completion. The order, among other things, provides NERC with guidance on how to prioritize the GMD research.
The intensity of GMD vary greatly but tend to follow an 11 year cycle; impacts of GMD in terms of shifts in ground voltage on the bulk transmission system vary as a function of numerous factors, including regional variations in iron content of underlying rock formations.