FERC Approves New Reliability Standards For Cyber Security

The Federal Energy Regulatory Commission (FERC) recently approved eight new mandatory critical infrastructure protection (CIP) reliability standards to protect the nation’s bulk power system against potential disruptions from cyber security breaches.

These reliability standards were developed by the North American Electric Reliability Corporation (NERC), which FERC has designated as the electric reliability organization (ERO).

“Today, we achieve a milestone by adopting the first mandatory and enforceable reliability standards that address cyber security concerns on the bulk power system in the United States,” FERC Chairman Joseph T. Kelliher said. “The electric industry now can move on to the implementation of the standards in conjunction with improvement of these standards in order to increase the security and reliability of the bulk power system.”

Additional actions in the final rule direct the ERO to develop modifications to these reliability standards, via its reliability standards development process, and then submit them to FERC for approval. The modifications directed for development concern various oversight and technical issues pertaining to cyber protections. These include removal of language that allowed variable implementation of standards based on “reasonable business judgment” and a new framework of accountability surrounding exceptions based on technical feasibility.

The final rule also directs NERC to monitor the development and implementation of cyber security standards by the National Institute of Standards and Technology (NIST) to “determine if they contain provisions that will protect the Bulk-Power System better than the CIP Reliability Standards,” FERC said. But FERC did not direct NERC to adopt the NIST standards because that could lead to possible delays in putting into place any mandatory and enforceable standards.

The mandatory reliability standards require certain users, owners and operators of the bulk power system to establish policies, plans and procedures to safeguard physical and electronic access to control systems, to train personnel on security matters, to report security incidents, and to be prepared to recover from a cyber incident.

The eight CIP reliability standards address the following topics:

  • Critical Cyber Asset Identification.
  • Security Management Controls.
  • Personnel and Training.
  • Electronic Security Perimeters.
  • Physical Security of Critical Cyber Assets.
  • Systems Security Management.
  • Incident Reporting and Response Planning.
  • Recovery Plans for Critical Cyber Assets.

The eight reliability standards were submitted to FERC for approval on Aug. 28, 2006. In December 2006, FERC staff issued a preliminary analysis of the cyber security reliability standards, and allowed for public comment. On July 20, 2007, FERC issued a Notice of Proposed Rulemaking proposing to approve the standards, proposing future modifications, and seeking public comment.

The final rule, “Mandatory Reliability Standards for Critical Infrastructure Protection,” takes effect 60 days from the later of either the date Congress receives the agency notice of the rule, or the date the rule is published in the Federal Register.

Featured

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.