About FERC Office of Electric Reliability
The Division of Cyber Security oversees all aspects of cyber security related matters that affect the bulk power system. Monitor and participate in the development and review of Critical Infrastructure Protection (CIP) mandatory reliability standards, review and advise the Commission on filed cyber security reliability standards. Oversees compliance with the approved mandatory cyber security standards by the users, owners, and operators of the bulk power system. Assesses and advises whether new or modified cyber security reliability standards are required.
- Monitor and participate in the Electric Reliability Organization (ERO) and Regional Entities (RE) reliability standards development process to help improve the quality of cyber security reliability standards proposed to the Commission.
- Review proposed cyber security reliability standards to recommend whether the Commission should approve, remand, or direct the ERO revise approved cyber security reliability standards or develop new standards; includes performing quantitative technical arguments supported by data and analysis, in collaboration with the Division of Engineering and Logistics.
- Monitor ERO/REs compliance monitoring of users, owners, and/or operators of the bulk power system with the cyber security reliability standards; includes leading or participating in periodic and/or unscheduled reviews and audits of the ERO/REs, and users, owners, and operators of the bulk power system to determine the effectiveness of cyber security programs and compliance with cyber security reliability standards.
- Monitor, in conjunction with OE, ERO/REs compliance enforcement of users, owners, and operators of the bulk power system with the cyber security reliability standards; includes tracking and reviewing all cyber security alleged violations, mitigation plans, and Notices of Penalty.
- Conduct, with the Office of Enforcement (OE), cyber security compliance audits of users, owners, and operators of the bulk power system, independent of, or in partnership with, the ERO/REs.
- Perform analysis of bulk power system events, notifications, requests, or complaints in partnership with OE, as appropriate, to assess adequacy of cyber security reliability standards; includes compliance and/or alleged violations, identification of gaps, and opportunities to strengthen.
- Perform analysis of cyber security events, or of other information, in collaboration with NERC/REs, to identify and inform users, owners, and operators of the bulk power system of cyber security vulnerabilities.
- Coordinate with the Office of Energy Infrastructure and Security (OEIS), Office of Energy Projects (OEP), Office of the General Counsel - General and Administrative Law (GAL), applicable Federal agencies, the ERO/REs, stakeholders, and academia on current and emerging cyber security related issues.
- Outreach with applicable Federal agencies, the ERO/REs, stakeholders, academia, and vendors to explore, develop, and implement procedures and/or CIP reliability standards to protect the cyber security of the bulk power system.
- Assess whether cyber security reliability standards are adequate and whether new or modified cyber security reliability standards are needed based on its oversight of standards development, implementation and compliance, and its assessment of BPS security and emerging security requirements.
- Support as necessary, the other divisions' activities and requirements.