[UPDATE]: FERC Order 706 (.pdf)
From Utility Automation & Engineering:
The Federal Energy Regulatory Commission (FERC) approved eight new mandatory critical infrastructure protection (CIP) reliability standards designed to protect the nation’s bulk power system against potential disruptions from cyber security breaches.
The reliability standards were developed by the North American Electric Reliability Corporation (NERC), which FERC has designated as the electric reliability organization (ERO).
“Today we achieve a milestone by adopting the first mandatory and enforceable reliability standards that address cyber security concerns on the bulk power system in the United States,” FERC chairman Joseph T. Kelliher said. “The electric industry now can move on to the implementation of the standards in conjunction with improvement of these standards in order to increase the security and reliability of the bulk power system.”
Additional actions in the final rule direct the ERO to develop modifications to these reliability standards, via its reliability standards development process, and then submit them to FERC for approval. The modifications directed for development concern various oversight and technical issues pertaining to cyber protections. These include removal of language that allowed variable implementation of standards based on “reasonable business judgment” and a new framework of accountability surrounding exceptions based on technical feasibility.
The final rule also directs NERC to monitor the development and implementation of cyber security standards by the National Institute of Standards and Technology (NIST) to “determine if they contain provisions that will protect the Bulk-Power System better than the CIP Reliability Standards,” FERC said. But FERC did not direct NERC to adopt the NIST standards because that could lead to possible delays in putting into place any mandatory and enforceable standards.
(thx Brit)
[tags]NERC, FERC, Cyber Security, Reliability Standards[/tags]