FERC Acts to Improve Reliability by Closing Supply Chain Cyber Risk Management Gaps
19 September 2024

FERC proposed to require new or modified critical infrastructure (CIP) standards to address the growing risks posed by malicious actors seeking to compromise the reliable operation of the bulk-power system.

The proposal would direct the North American Electric Reliability Corporation (NERC) to require entities to identify their current supply chain risks to their grid-related cybersecurity systems at specified intervals; assess and take steps to validate the accuracy of the information received from vendors during the procurement process; and document, track and respond to these risks to their systems. The Commission also would direct NERC to extend the applicability of the supply chain standards to include a category of products known as protected cyber assets, or “PCAs.” NERC would submit responsive new or revised standards within 12 months of the effective date of a final rule.

Also, FERC proposed to approve a CIP reliability standard that requires internal network security monitoring inside an entity’s electronic security perimeter, which NERC had submitted to comply with FERC Order No. 887. That rule, approved in January 2023, directed NERC to develop CIP reliability standards requiring internal network security monitoring to provide greater defense-in-depth for entities’ CIP-networked environments.

To find out more details, please visit: https://www.ferc.gov/