FERC has proposed new or modified critical infrastructure protection (CIP) standards to address the growing cyber risk management gaps affecting the reliable operation of the bulk-power system.
The proposal will direct the North American Electric Reliability Corporation (NERC) to require entities to identify their current supply chain risks to their grid-related cybersecurity systems at specified intervals; assess and take steps to validate the accuracy of the information received from vendors during the procurement process; and document, track and respond to these risks to their systems.
The Commission will also direct NERC to extend the applicability of the supply chain standards to include a category of products known as protected cyber assets, or PCAs. NERC will submit responsive new or revised standards within 12 months of the effective date of a final rule.
FERC also proposed to approve a CIP reliability standard for internal network security monitoring inside an entity’s electronic security perimeter, which NERC had submitted to comply with FERC Order No. 887.
FERC is proposing to direct NERC to develop modifications to the internal network security monitoring standard to extend protections outside of the electronic security perimeter to electronic access control or monitoring systems and physical access control systems. NERC is expected to submit a responsive revised reliability standard within 12 months of the effective date of a final rule.