NEWS Release (RD23-3)

News Release -low impact cyber 031623 FINAL.docx

RD23-3 (CLO) FERC-725B(5), (Mandatory Reliability Standards, Critical Infrastructure Protection (CIP-003-9)

NEWS Release (RD23-3)

OMB: 1902-0331

Document [docx]
Download: docx | pdf



March 16, 2023
News Media Contact:
Mary O’Driscoll

MediaDL@ferc.gov





FERC Approves Extending Risk Management Practices to Low-Impact Cyber Systems

FERC today approved a new cybersecurity standard that will expand supply chain risk management practices for low-impact bulk electric system cyber systems.

The new standard, proposed by the North American Electric Reliability Corporation (NERC) in December 2022, requires entities with bulk electric system facilities whose assets are designated low-impact to have methods for determining and disabling vendor remote access. Generally, low-impact assets are generation or transmission facilities that pose a lower risk to the bulk electric system if they are compromised.

This standard improves the reliability of the grid by expanding existing security controls to provide greater visibility into electronic communication between low-impact bulk electric system cyber systems and vendors. These security controls will allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.

The vast majority of BES assets today are considered low-impact and that number is only expected to grow,” Chairman Phillips said. “To not protect these BES assets against one of the most frequent attack scenarios – supply chain – would be a big mistake.”

R23-23


(30)





CH1_letterhead-bw-03-03.png

888 First Street | Washington, DC 20426

File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorKayla Williams
File Modified0000-00-00
File Created2023-07-29

© 2024 OMB.report | Privacy Policy