- The Federal Energy Regulatory Commission (FERC) approved on Thursday an order to expand reporting requirements for attempts to compromise the national grid, a move it expects will improve the security of the bulk electric system.
- The order mandates reporting of cyber events and creates guidelines for the content, along with filing deadlines and how the reports are to be disseminated. The changes will "enhance the reliability of the Bulk-Power System by providing a more accurate picture of the rapidly changing cyber threat landscape," FERC staff said at a presentation yesterday during its open meeting.
- On the same day, FERC Commissioner Cheryl LaFleur announced she will leave in August, creating the second nomination spot for the Trump administration to fill. Her final FERC public meeting will be in July.
Previous to the order, reports were only required when an incident had compromised or disrupted reliability tasks. However, as the North American Electric Reliability Corp. (NERC) stated in its annual report of the U.S. power grid's 2018 performance, cyber events to cause non-reliability disruptions have continued to grow.
While no cyber or physical security incidents resulted in loss of load last year, NERC warned that cybersecurity vulnerabilities on the electric grid "are increasing."
"It is vital that we ensure that NERC and the Department of Homeland Security have all the information needed to understand the evolving threat landscape for industrial control systems," Chatterjee said in a statement.
Reports and updates on cyber events will be sent to NERC's Electricity Information Sharing and Analysis Center and the Department of Homeland Security's National Cybersecurity and Communications Integration Center.
The new reliability standard is in response to a directive from FERC Order 848. It gives utilities or responsible entities the flexibility to develop assessments needed for their systems while creating a standard for reporting on attempts to compromise cyber systems associated with electronic security perimeters, physical security perimeters, and electronic access control/monitoring systems.