Tdworld 20673 Gridsecurity
Tdworld 20673 Gridsecurity
Tdworld 20673 Gridsecurity
Tdworld 20673 Gridsecurity
Tdworld 20673 Gridsecurity

FERC Staff Identifies Key Cybersecurity Program Priorities

Dec. 4, 2019
Supply chain/insider threat/third-party authorized access is one of the five focus areas to address critical cybersecurity challenges.

The Federal Energy Regulatory Commission (FERC) staff recently detailed the depth of its continuing efforts to address cybersecurity challenges facing the nation’s energy infrastructure.

Among other things, the presentation detailed several organizational changes meant to better focus the agency’s resources on quickly evolving cyber challenges including creation of a new security-focused group within the Office of Energy Projects’ (OEP) Division of Dam Safety and Inspections. The group will address cyber as well as physical security concerns at jurisdictional hydropower facilities, staff said in a presentation at the FERC’s November open meeting. FERC Chairman Neil Chatterjee also announced that the commission’s Office of Electric Reliability (OER) would be realigning its functions to establish one division focused exclusively on cybersecurity.

“At the FERC, we are charged with overseeing the development and enforcement of cybersecurity standards for the nation’s high-voltage transmission system and jurisdictional hydroelectric facilities,” Chatterjee said. “These two developments will help FERC staff more efficiently focus its efforts on cybersecurity. This new security group in OEP and the realignment in OER will consolidate the cybersecurity staff into a division that focuses solely on cyber.”

Drawing on the experience and knowledge of each of the relevant offices, an FERC staff presentation recently identified five areas where commission staff will strategically and collectively focus efforts to address critical cybersecurity challenges. The five focus areas are:

  • Supply chain/insider threat/third-party authorized access;
  • Industry access to timely information on threats and vulnerabilities;
  • Cloud/managed security service providers;
  • Adequacy of security controls; and
  • Internal network monitoring and detection.

Staff also described certain outreach activities and other initiatives they intent to prioritize throughout FY2020. In particular, staff will closely monitor supply chain security implementation and the industry’s adoption of new technologies and services to address cyber infrastructure implementation, maintenance and/or management. The Office of Energy Infrastructure Security (OEIS) continues to build on its existing outreach initiatives, including offering voluntary network architecture assessments and the OER will continue to conduct and participate in audits.

Voice your opinion!

To join the conversation, and become an exclusive member of T&D World, create an account today!