FERC Proposes to Adopt Enhanced Supply Chain Risk Management Reliability Standards
The Federal Energy Regulatory Commission (FERC) today proposed to approve new mandatory Reliability Standards to bolster supply chain risk management protections for the nation's bulk electric system. The proposed standards are intended to augment current Critical Infrastructure Protection standards to mitigate cyber security risks associated with the supply chain for the grid-related cyber systems.
The North American Electric Reliability Corporation (NERC) proposed the standards in response to FERC Order No. 829, which directed the electric reliability organization to develop standards to address supply chain risk management for industrial control system hardware, software, and computing and networking services. The Commission believes that the global supply chain provides opportunity for significant benefits to customers but also presents opportunities to affect management or operations of generation or transmission companies that may result in risks to end-users.
Today's Notice of Proposed Rulemaking (NOPR) concludes that NERC's proposals constitute substantial progress in addressing the supply chain cyber security risks identified by the Commission. However, it also finds a significant cyber security risk remains because the proposed standards exclude Electronic Access Control and Monitoring Systems (EACMS), Physical Access Controls (PACs) and Protected Cyber Assets (PCAs).
To address that gap, FERC proposes to direct NERC to include EACMS associated with medium- and high-impact bulk electric system cyber systems within the scope of the supply chain risk management Reliability Standards as well as to evaluate the risks presented by PACs and PCAs as part of a study already proposed by the NERC Board.
Comments on the NOPR are due 60 days after publication in the Federal Register.
In a separate order, the Commission approved a series of new Emergency Preparedness and Operations (EOP) Reliability Standards. The standards will enhance reliability by:
- Providing accurate reporting of events to NERC's event analysis group to examine the impact on reliability of the grid (EOP-004-4);
- Delineating the roles and responsibilities of entities that support system restoration from blackstart resources (EOP-005-3);
- Clarifying the procedures and coordination requirements for reliability coordinator personnel to execute system restoration processes (EOP-006-3); and
- Refining the required elements of an operating plan used to continue reliable operation of the grid if primary control functionality is lost (EOP-008-2).