The Federal Energy Regulatory Commission (FERC) issued a Notice of Inquiry (NOI) on June 18, 2020, requesting comments on potential enhancements to the current U.S. Critical Infrastructure Protection (CIP) Reliability Standards (CIP Standards). In the NOI, FERC also seeks input on the potential risk of a coordinated cyberattack on geographically distributed targets and the need for FERC to address such risk.
In a related development, that same day FERC Staff (Staff) issued a Cybersecurity Incentives Policy White Paper (the White Paper) that discusses a potential new framework for providing transmission incentives to utilities for cybersecurity investments. The Staff presents a framework for providing transmission incentives to utilities "for cybersecurity investments that produce significant benefits for actions that exceed" the CIP Standards.
The NOI
CIP Standards are mandatory and enforceable following their approval by FERC. They are intended to provide a risk-based, defense-in-depth approach to cybersecurity of the bulk electric system (BES).
An important source for improving the CIP Standards to address evolving cyber threats is the National Institute of Standards and Technology Cyber Security Framework (NIST Framework). The NIST Framework sets forth a comprehensive structure to guide cybersecurity activities and to consider cybersecurity risks as part of an organization's risk management processes regarding its critical infrastructure.
Staff recently performed a comparative review of the NIST Framework with the CIP Standards. Staff ..
Support the originator by clicking the read the rest link below.
