Media Statements & Speeches
Commissioner Cheryl A. LaFleur Statement
July 16, 2015
Docket No. RM15-14-000
Item No. E-1
Development of Supply Chain Cyber Controls in New Reliability Standards
“I would like to thank the team for their work on the order and NERC and the standards team for their work on the proposed standards. Today’s Notice of Proposed Rulemaking is an important next step to adapt the Critical Infrastructure Protection standards to evolving cybersecurity threats.
“The order is noteworthy because the Commission proposes to require the development of a new standard, regarding supply chain management practices. The Commission has only done this twice before, when it directed the development of standards to address geomagnetic disturbances (GMD) and physical security, so I recognize the significance of the Commission’s action today. However, recent events referenced in the order have highlighted potential security risks for the electric industry. I therefore agree with the Commission’s decision to propose to direct a new standard. I encourage stakeholders to provide the Commission with robust feedback on the proposal. The Commission has also directed staff to conduct outreach efforts to help us determine whether to require the development of a standard, and if so, what its timing, scope, and content should be.
“The work that NERC, the industry, and the Commission do on cybersecurity must obviously continually evolve to meet the changing nature of the cybersecurity threat, which we all see in the news practically daily. Understanding the evolving threats and how best to respond to them is of critical importance. On that point, I would like to recognize the Idaho National Laboratory, where last month I spent a couple days learning about its work on cybersecurity and GMD issues. The trip highlighted the important research and development work done at the Department of Energy, as well as the opportunities for collaborative work between the public and private sectors to protect critical grid assets.”