In June of 2016, the Federal Energy Regulatory Commission (FERC) issued orders directing modification of the North American Electric Reliability Corporation’s (NERC) critical infrastructure protection reliability standards (CIP reliability standards). The FERC issued these orders to have the NERC modify CIP reliability standards because of perceived supply chain risks and vulnerabilities associated with the management and control of Bulk Electric System (BES) operations. The new standards will be designed to protect BES operations against and prevent hacking, interference and sabotage to its associated hardware, software, computing and networking infrastructure.
Key Takeaways:
- The Federal Energy Regulatory Commission (FERC or Commission) recently issued three orders related to the North American Electric Reliability Corporation’s (NERC) critical infrastructure protection reliability standards (CIP reliability standards).
- NERC is to develop a new or modified reliability standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services associated with BES operations.
- NERC should only address obligations of responsible entities and not directly impose obligations on suppliers, vendors, or other entities that provide products or services to regulated entities.
“FERC issued a final rule directing that NERC develop a new or modified reliability standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services associated with Bulk Electric System (BES) operations.”