- The Federal Energy Regulatory Commission is considering approving new cybersecurity standards proposed by the North American Electric Reliability Corp. in an effort to secure the reliability of the United States' bulk electric system (BES).
- The new standards will primarily cover "transient electronic devices," adopting security protocols for devices such as thumb drives and laptops, which are frequently connected and disconnected from systems.
- Comments on the proposed new standards will be due within 60 days of the notice of proposed rulemaking (NOPR) being published in the Federal Register.
Efforts to secure the country's electric grid are now a continuous process, proceeding on several fronts. While FERC is considering new security protocols, NERC is also gearing up for next month's biennial GridEx event, which simulates an attack on the electric grid.
The new NOPR will "address the need to mitigate the risk of malicious code that could result from third-party
transient electronic devices," FERC said.
Specifically, the new standards would clarify obligations regarding electronic access control for low impact BES cyber systems, and would adopt mandatory security controls for transient electronic devices. The new rules would also require responsible entities to have a policy for declaring and responding to Critical Infrastructure Protection Exceptional Circumstances related to low impact BES Cyber Systems.
Cybersecurity has become a top concern in the last couple of years.
A recent report from Accenture concluded almost 63% of utility executives globally believe their country faces at least a moderate risk of a cyberattack on the electric grid in the next five years. In North America, even more utility executives — 76% — see a cyberattack as likely in the next five years. The study also showed that 43% of utility executives are concerned about physical threats to their distribution systems.