Energy Commission Looks to Strengthen Grid’s Cyber Security - Capstone Brokerage

Cyber Security Insurance Las Vegas

By: Judy Greenwald, Business Insurance, July 2015

The Federal Energy Regulatory Commission is proposing rules intended to improve the nationwide electric system’s cyber security.

FERC said in a statement last week that it is seeking comment on seven updated critical infrastructure protection reliability standards proposed by the North American Electric Reliability Corp., an Atlanta-based industry group.

The standards are intended to address risks to communication networks and related bulk electric system assets, as well as the development of standards for supply chain management security controls to protect the bulk electric system from system vulnerabilities and malware threats, FERC said in its statement.

The new standards would address issues ranging from personnel and training to physical security of the bulk electric system’s cyber systems and information protection, FERC said.

“Regarding supply chain management, recent malware campaigns targeting supply chain vendors highlight a gap in protection under the (Critical Infrastructure Protection) Reliability Standards.

“In this new type of campaign, malware is injected into hardware or software components used for operations, or tools used to perform maintenance or other services on network components when in the control of a hardware, software or maintenance vendor, prior to delivery to a customer,” said the statement.

FERC said the goal is “a forward-looking, objective-driven standard that encompasses activities in the system development life cycle from research and development, design and manufacturing to acquisition, delivery, integration, operations, retirement and eventual disposal of the equipment and services.”

Business Insurance