Skip to main content
close search
site logo
Dive Brief

FERC looks to address new cyber threats in updated reliability standards

Published July 21, 2015
Robert Walton's headshot
Senior Reporter
JacksonClerk

Dive Brief:

  • FERC has proposed a series of modifications to its critical infrastructure protection reliability standards, designed to address growing concerns that the nation's bulk generation and transmission systems remain vulnerable to cyberattacks.
  • The commission wants the utility industry to develop new security protocols, including standards for data flowing across unsecured third-party networks.
  • However, industry observers say third-party players in the utility space pose a challenge because FERC does not regulate vendors, meaning utilities will have to guard against malware coming in on systems they contract.

Dive Insight:

Amid growing concern that a significant cyber attack on the U.S. Electric system could do billions in damage – if not more – FERC has issued a notice of proposed rulemaking seeking comment on ways to bolster grid security.

According to the Notice of Proposed Rulemaking, the changes are “designed to mitigate the cybersecurity risks to bulk electric system facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable as a result of a cybersecurity incident, would affect the reliable operation of the Bulk-Power System.” 

The new security standards would apply to “supply chain management,” FERC said, would need to take several factors into account: not require renegotiation of contracts; allow for exceptions; be specific enough so that compliance is clear and enforceable; and address only entities FERC regulates.

Only twice before gas the commission proposed to require the development of a new standard, Commissioner Cheryl LaFleur said in a statement, highlighting the severity of the issue.

Recent events have “highlighted potential security risks for the electric industry,” she wrote. “Understanding the evolving threats and how best to respond to them is of critical importance.”

But EnergyWire reports that there could be difficulties in implementing new standards.

"It's acknowledged that NERC and FERC don't have authority over the vendors. Utilities have a limited ability to impose conditions on vendors," Nadya Bartol, a senior cybersecurity strategist at the Utilities Telecom Council, told EnergyWire. "It needs to be done through a productive dialogue."

Lloyd's of London issued a report recently which estimated the total economic loss from a wide scale power outage in the United States could range from $243 billion up to $1 trillion in the most damaging scenarios. Researchers have shown that hackers could potentially damage generators by opening and closing certain circuit breakers to ultimately push a machine's rotating parts out of alignment.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
The energy market in Saudi Arabia and the Persian Gulf will be managed by Czech company Unicorn
From Unicorn
October 23, 2024
eSmart Systems raises EUR 30 million in investment to accelerate growth
From eSmart Systems
October 28, 2024
Heat Pump Assisted Water Heater Technology Could Make Big Lift
From Energy Solutions
November 07, 2024
Edo and EPRI Earn Award from the California Energy Commission (CEC) to Advance VPPs
From Edo
October 31, 2024
Editors' picks
Latest in Transmission & Distribution
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell