Security and Resilience (Cyber and Physical)

FERC Approves Extending Risk Management Practices to Low-Impact Cyber Systems

The Federal Energy Regulatory Commission on March 16 approved a revised cybersecurity standard that will expand supply chain risk management practices for low-impact bulk electric system cyber systems.

The new standard, proposed by the North American Electric Reliability Corporation in December 2022, requires entities with bulk electric system facilities whose assets are designated low impact to have methods for determining and disabling vendor remote access.

Generally, low-impact assets are generation or transmission facilities that pose a lower risk to the bulk electric system if they are compromised.

“This standard improves the reliability of the grid by expanding existing security controls to provide greater visibility into electronic communication between low-impact bulk electric system cyber systems and vendors,” FERC said.

The security controls will allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication, it said.