On January 21, 2016, the Federal Energy Regulatory Commission (FERC) approved advancements to Critical Infrastructure Protection (CIP) Reliability Standards that address cybersecurity of the bulk electric system. The CIP version 5 standards, developed by the North American Electric Reliability Corporation (NERC), identify and categorize bulk electric system (BES) cyber structures based on whether such structures have a low, medium, or high impact on the reliable operation and set specific requirements for each category, with which categorized entities must comply. To ensure that the electricity grid–a vast and complex system of transmission and communication networks–can withstand both natural events and cyber and physical attacks, the Energy Policy Act of 2005 subjects the electric power sector to mandatory cybersecurity standards under FERC jurisdiction.
The CIP Version 5 standards require that responsible entities actively consider the BES security needs beyond mere compliance with minimum standards. Notably, the tiered impact rating methodology would bring all cyber assets that could impact BES facilities into the scope of the CIP standards.
The action reflects the dynamic cybersecurity environment, which is moving toward proactive efforts for flexible and timely response to threats rather than basic compliance. While mandatory standards provide protection against known threats, electric utility sector and government agencies are increasingly coordinating their activities to maintain reliability against new and evolving threats. Additional interdependence between the electric grid and other infrastructure sectors, such as water and transportation, also raise concerns over the need for similar mandatory standards in these sectors.
As of now, electricity grid and nuclear generation are the only critical infrastructure sectors with mandatory and enforceable cybersecurity standards. Pursuant to the Energy Policy Act of 2005, NERC works with electric industry, regional entities, and state and federal agencies to develop reliability and cybersecurity standards that apply across the North American grid, including parts of Canada and Mexico. NERC standards are subject to FERC review and approval, and are periodically updated as potential threats evolve.
Originally published by EnerKnol.
EnerKnol provides U.S. energy policy research and data services to support investment decisions across all sectors of the energy industry. Headquartered in New York City, EnerKnol is proud to be a NYC ACRE company.
