The Federal Energy Regulatory Commission on Sept. 18 voted unanimously to approve a suite of actions focused on modernizing the reliability and security of the nation’s bulk power system in the face of threats in cybersecurity, supply chain risk management, and extreme cold weather.
“The reliability and security of our country’s electric system is essential to our economic prosperity, national security, and everyone’s wellbeing,” FERC Chairman David Rosner said. “The actions we are taking today are necessary to ensure our grid is resilient for all Americans today and in the future.”
The Commission approved the following:
Final Rule on Supply Chain Risk Management Reliability Standards Revisions (RM24-4-000 and RM20-19-000)
The final rule largely adopts the Commission’s Notice of Proposed Rulemaking from September 2024 directing the North American Electric Reliability Corporation (NERC) to address supply chain risks in new or modified Reliability Standards. These Standards will also extend existing Supply Chain Risk Management Standards to certain network-connected equipment to further protect the electric grid from outside threats.
The final rule is effective 60 days after publication in the Federal Register, and NERC must provide responsive modifications within 18 months of that effective date.
Notice of Proposed Rulemaking on Virtualization Reliability Standards (RM24-8-000)
Proposes to approve four new and 18 modified definitions in NERC’s Glossary of Terms as well as 11 modified Critical Infrastructure Protection (CIP) Reliability Standards to enable compliant virtualization. While existing CIP Standards were designed with the assumption that hardware and software are installed and protected on-site, these modifications are designed to protect virtual and cloud-based technologies applied within the Bulk Power System, enabling cost-saving efficiencies through technological modernization.
The Commission also seeks public comment on NERC’s proposed changes to its existing technical feasibility exception program.
Notice of Proposed Rulemaking on Critical Infrastructure Protection Reliability Standard CIP-003-11 (RM25-8-000)
Proposes to approve a revised Reliability Standard to enhance the cybersecurity of low-impact Bulk Electric System (BES) Cyber Systems against the threat of a coordinated cyber-attack by establishing new security requirements for communications and system management.
The Commission also seeks public comment on the evolution of threats to low-impact BES Cyber Systems and whether it would be beneficial for NERC to perform a study or develop a whitepaper addressing these evolving threats.
Order Approving Extreme Cold Weather Reliability Standard and Directing Data Collection (RD25-7-000)
Approves NERC’s proposed revisions to Reliability Standard EOP-012 (Extreme Cold Weather Preparedness and Operations), improving the currently effective Standard consistent with the Commission’s directives in its June 2024 Order.
The revised Standard, effective October 1, 2025, improves clarity in communications requirements and helps ensure that needed power is available for the people and businesses which rely on it during extreme cold weather events.
The order also directs NERC to file comprehensive biennial informational filings starting in October 2026 through October 2034 to assess whether the Standard adequately addresses reliability concerns and guides potential future modifications.
