FERC today acted to strengthen the cybersecurity of the grid by directing the North American Electric Reliability Corporation (NERC) to develop and submit Reliability Standards requiring internal network security monitoring (INSM) for high-impact bulk electric system cyber systems and medium-impact systems with high-speed internet connections.
Today’s final rule also directs NERC to study the risks posed by the lack of INSM. It also directs NERC to study the feasibility of implementing INSM at bulk electric cyber systems that would not be addressed by the new or modified standard.
“The nature of cyber security threats to our nation’s grid require constant monitoring and vigilance,” FERC Chairman Willie L. Phillips said. “One year after we proposed this rule at my first meeting as a Commissioner, we are finalizing this rule in my first meeting as Chairman, and taking a major step to better secure the reliability of our nation’s bulk power system.”
NERC has flexibility in developing the content of the new requirements, but the Commission said the new standards should address the need for entities to develop baselines of their network traffic inside their bulk electric system networked environments and to monitor for and detect unauthorized activity, connections, devices and software inside those networked environments. The new standards also should require entities to identify anomalous activity to a high level of confidence by logging network traffic, maintaining logs and other data and implementing measures to minimize the likelihood of an attacker removing evidence of their tactics, techniques and procedures from compromised devices.
The rule takes effect 60 days after publication in the Federal Register. NERC has 15 months to submit the new standards for Commission approval, and 12 months to submit its report on low-impact bulk electric cyber systems and medium-impact systems with no broadband access.
R23-16