Windpower Engineering & Development

  • Home
  • Articles
    • Most recent posts
    • News
    • Featured
  • Leadership
    • 2020 Winners
    • 2019 Winners
  • Resources
    • Digital issues
    • Podcasts
    • Suppliers
    • Wind Power Videos
    • Wind Power Events
  • Webinars
  • Videos
  • Subscribe
    • Magazine Subscription
    • Enewsletter Subscription
  • About Us

FERC proposes to require reporting for all cyberattacks on important electric infrastructure

By Paul Dvorak | January 5, 2018

This article comes from law firm Morgan Lewis & Bockius LLP and is authored by J. Daniel Skees and Arjun Prasad Ramadevanahalli

J. Daniel Skees and Arjun Prasad Ramadevanahalli

Under a notice of proposed rulemaking to be released today, December 21, the Federal Energy Regulatory Commission (FERC) is proposing to direct the North American Electric Reliability Corporation (NERC) to revise the Critical Infrastructure Protection (CIP) reliability standards to require electric utilities to report all cyberattacks on the electric security perimeters surrounding their key electric infrastructure as well as the associated electronic access control and monitoring devices that protect those perimeters.

This proposal is driven in part by FERC’s concern that the existing CIP reliability standards only require regulatory reporting if an attack has an impact on bulk-power system reliability. As a result, attacks that are successfully thwarted or prevented by electric utilities are not reported. According to FERC, this lack of reporting inadvertently creates an underreporting of the threat to reliability posed by these attacks.

In addition to requiring reporting for any cybersecurity incidents that compromise or attempt to compromise covered assets, the proposal would also direct NERC to modify the existing CIP reliability standards to provide greater specificity for the information utilities will need to report. These reports would be sent to both the Electricity Information Sharing and Analysis Center (E-ISAC) operated by NERC and the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) within a specified time period. Finally, the proposal would require NERC to submit to FERC an annual report with “anonymized” information about the reported attacks.

Given the expanding nature of the cyber threat to electric infrastructure in the United States and the sheer number of attempts to compromise electric utility systems, the overwhelming majority of which are successfully defeated, this reporting requirement could result in a significant regulatory reporting burden for owners of Medium Impact and High Impact BES Cyber Systems. Specificity regarding what activities represent reportable incidents and the amount of information that will need to be reported will be the key factor in determining the extent of the regulatory burden on electric utilities. During the open meeting, the commissioners asked for suggestions from the industry on ways that FERC’s goals could be met in an efficient manner.

 

Tell Us What You Think! Cancel reply

Related Articles Read More >

The winds of change: The future of predictive analytics in wind farm reliability
ISA announces Global Cybersecurity Alliance members
NARUC releases two new manual resources on cybersecurity risks to utilities
Mark your calendars: Power Grid Digitalization Forum is in Montreal this October

Windpower Engineering & Development Digital Edition

Digital Edition

Browse the most current issue of Windpower Engineering & Development and back issues in an easy to use high quality format. Clip, share and download with the leading wind power engineering magazine today.

Webinars
Windpower Engineering & Development
  • Wind Articles
  • Subscribe to Windpower Engineering
  • Advertising
  • Contact Us/About Us

Copyright © 2021 WTWH Media, LLC. All Rights Reserved. Site Map | Privacy Policy | RSS

Search Windpower Power Engineering & Development

  • Home
  • Articles
    • Most recent posts
    • News
    • Featured
  • Leadership
    • 2020 Winners
    • 2019 Winners
  • Resources
    • Digital issues
    • Podcasts
    • Suppliers
    • Wind Power Videos
    • Wind Power Events
  • Webinars
  • Videos
  • Subscribe
    • Magazine Subscription
    • Enewsletter Subscription
  • About Us