On January 18, 2018, the Federal Energy Regulatory Commission (“FERC”) issued a Notice of Proposed Rulemaking (“NOPR”) that proposes the adoption of new mandatory Reliability Standards designed to mitigate cybersecurity risk in the supply chain for electric grid-related cyber systems. The Reliability Standards were developed by the North American Electric Reliability Corporation (“NERC”) in response to FERC Order No. 829, which ordered the development of standards to address supply chain risk management for industrial control system hardware, software and computing and networking services.
FERC’s NOPR acknowledged the “substantial progress” NERC had made in addressing the supply chain cybersecurity risks and identified remaining areas of “significant” cybersecurity risk. The NOPR proposes that NERC amend the Reliability Standards to address Electronic Access Control and Monitoring Systems associated with “medium-and-high-impact bulk electric system cyber systems.” The NOPR also proposes to direct NERC to evaluate the cybersecurity risks presented by Physical Access Controls and Protected Cyber Assets, as part of a study previously proposed by the NERC Board.
Comments on the NOPR are due 60 days after publication in the Federal Register.