Download:
pdf |
pdfJanuary 18, 2018
News Media Contact
Craig Cano | 202-502-8680
Docket Nos. RM17-13-000 and RM17-12-000
Item Nos. E-2 and E-3
FERC Proposes to Adopt Enhanced Supply Chain Risk Management Reliability Standards
The Federal Energy Regulatory Commission (FERC) today proposed to approve new mandatory Reliability Standards to
bolster supply chain risk management protections for the nation’s bulk electric system. The proposed standards are
intended to augment current Critical Infrastructure Protection standards to mitigate cyber security risks associated
with the supply chain for the grid-related cyber systems.
The North American Electric Reliability Corporation (NERC) proposed the standards in response to FERC Order No. 829,
which directed the electric reliability organization to develop standards to address supply chain risk management for
industrial control system hardware, software, and computing and networking services. The Commission believes that
the global supply chain provides opportunity for significant benefits to customers but also presents opportunities to
affect management or operations of generation or transmission companies that may result in risks to end-users.
Today’s Notice of Proposed Rulemaking (NOPR) concludes that NERC’s proposals constitute substantial progress in
addressing the supply chain cyber security risks identified by the Commission. However, it also finds a significant cyber
security risk remains because the proposed standards exclude Electronic Access Control and Monitoring Systems
(EACMS), Physical Access Controls (PACs) and Protected Cyber Assets (PCAs).
To address that gap, FERC proposes to direct NERC to include EACMS associated with medium- and high-impact bulk
electric system cyber systems within the scope of the supply chain risk management Reliability Standards as well as to
evaluate the risks presented by PACs and PCAs as part of a study already proposed by the NERC Board.
Comments on the NOPR are due 60 days after publication in the Federal Register.
In a separate order, the Commission approved a series of new Emergency Preparedness and Operations (EOP) Reliability
Standards. The standards will enhance reliability by:
•
•
•
•
Providing accurate reporting of events to NERC’s event analysis group to examine the impact on reliability of
the grid (EOP-004-4);
Delineating the roles and responsibilities of entities that support system restoration from blackstart resources
(EOP-005-3);
Clarifying the procedures and coordination requirements for reliability coordinator personnel to execute system
restoration processes (EOP-006-3); and
Refining the required elements of an operating plan used to continue reliable operation of the grid if primary
control functionality is lost (EOP-008-2).
R-18-09
(30)
File Type | application/pdf |
File Title | Headline |
Author | Judy Eastwood |
File Modified | 2018-01-24 |
File Created | 2018-01-18 |