At its monthly open meeting on June 26, the Federal Energy Regulatory Commission formally decided to take no action on a notice of inquiry that sought comments on whether to modify the CIP standards to address the risks of coordinated cyberattacks and to better align with the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
The NOI was published in 2020.
When the notice of inquiry was published, APPA and the Large Public Power Council jointly commented, focused on FERC’s questions about whether the CIP standards applicable to low impact systems were adequate.
The groups offered evidence that additional standards for low impact systems are unnecessary, and that the existing framework was consistent with a risk-based approach to cybersecurity.
After considering comments filed in response to the notice of inquiry, and in recognition of several enhancements to NERC’s CIP standards over the past five years, FERC exercised its discretion to terminate the inquiry without further action, consistent with APPA’s arguments.
