Energy Central Professional


FERC Strengthens Reliability Standards for Monitoring Electric Grid Cyber Systems

Gulf Oil & Gas  


    FERC acted to strengthen the cybersecurity of the grid by directing the North American Electric Reliability Corporation (NERC) to develop and submit Reliability Standards requiring internal network security monitoring (INSM) for high-impact bulk electric system cyber systems and medium-impact systems with high-speed internet connections.

    Today’s final rule also directs NERC to study the risks posed by the lack of INSM. It also directs NERC to study the feasibility of implementing INSM at bulk electric cyber systems that would not be addressed by the new or modified standard.

    “The nature of cyber security threats to our nation’s grid require constant monitoring and vigilance,” FERC Chairman Willie L. Phillips said. “One year after we proposed this rule at my first meeting as a Commissioner, we are finalizing this rule in my first meeting as Chairman, and taking a major step to better secure the reliability of our nation’s bulk power system.”

    NERC has flexibility in developing the content of the new requirements, but the Commission said the new standards should address the need for entities to develop baselines of their network traffic inside their bulk electric system networked environments and to monitor for and detect unauthorized activity, connections, devices and software inside those networked environments. The new standards also should require entities to identify anomalous activity to a high level of confidence by logging network traffic, maintaining logs and other data and implementing measures to minimize the likelihood of an attacker removing evidence of their tactics, techniques and procedures from compromised devices.

    The rule takes effect 60 days after publication in the Federal Register. NERC has 15 months to submit the new standards for Commission approval, and 12 months to submit its report on low-impact bulk electric cyber systems and medium-impact systems with no broadband access.


Copyright © 1996-2023 by CyberTech, Inc. All rights reserved.
Energy Central® and Energy Central Professional® are registered trademarks of CyberTech, Incorporated. Data and information is provided for informational purposes only, and is not intended for trading purposes. CyberTech does not warrant that the information or services of Energy Central will meet any specific requirements; nor will it be error free or uninterrupted; nor shall CyberTech be liable for any indirect, incidental or consequential damages (including lost data, information or profits) sustained or incurred in connection with the use of, operation of, or inability to use Energy Central. Other terms of use may apply. Membership information is confidential and subject to our privacy agreement.