The Federal Energy Regulatory Commission (FERC) is tasked with keeping our electric grid safe and maintaining reliable and secure energy for U.S. consumers. On January 20, FERC issued a Notice of Proposed Rulemaking (NOPR) that proposes to strengthen its Critical Infrastructure Protection Reliability Standards by requiring internal network security monitoring for high and medium impact bulk electric system cyber systems.
According to the NOPR, the current Reliability Standards do not address internal network security monitoring and this omission constitutes a gap. The NOPR proposes to direct the North American Electric Reliability Commission to develop such standards that require internal network security monitoring “that would ensure that responsible entities maintain visibility over communications between networked devices,” hopefully to increase the probability of early detection of a cyber-attack. The NOPR referred to the need for the internal network security monitoring in light of the highly publicized Solar Winds cyber-attack as the attack “demonstrates how an attacker can bypass all network perimeter-based security controls traditionally used to identify the early phases of an attack.” Comments to the proposed NOPR will be due 60 days after publication in the Federal Register.