FERC Directs NERC to Tighten Bulk Electric System Cybersecurity

FERC Directs NERC to Tighten Bulk Electric System Cybersecurity

January 26, 2023

On January 19, 2023, the Federal Energy Regulatory Commission issued a Final Rule directing the North American Electric Reliability Corporation to file for FERC review new or modified Reliability Standards that require internal network security monitoring (INSM) within trusted Critical Infrastructure Protection (CIP) network environments for certain Bulk Electric System (BES) Cyber Systems. The Final Rule, as we described here when first proposed, targets a gap in the current NERC CIP Reliability Standards. Specifically, its main goal is to ensure that registered entities adopt INSM capable of addressing “situations where vendors or individuals with authorized access are considered secure and trustworthy but could still introduce a cybersecurity risk, as well as other attack vectors that can exploit this gap,” and to “increase the probability of early detection and allow for quicker mitigation and recovery from an attack.” Such was the style of the SolarWinds attack in 2020, which FERC said shows “how an attacker can bypass all network perimeter-based security controls traditionally used to identify the early phases of an attack” by leveraging the technology of a trusted vendor.

Read more

Leave a Reply

By clicking Accept or closing this message, you consent to our cookies on this device in accordance with our cookie policy unless you have disabled them. more information

By clicking Accept or closing this message, you consent to our cookies on this device in accordance with our cookie policy unless you have disabled them. You can change your cookie settings at any time but parts of our site will not function correctly without them. We use cookies during the registration process and to remember member settings.

Close