The Federal Energy Regulatory Commission (FERC) published a notice of proposed rulemaking (NPRM), suggesting updates to the Critical Infrastructure Protection Reliability Standard governing cybersecurity management controls for bulk electric system (BES) assets, called CIP-003. The CIP program is a collection of standards designed to address the security of the bulk power system. Edgard Capdevielle, CEO at Nozomi Networks commented below.
Edgard Capdevielle, CEO at Nozomi Networks:
“Over the last decade NERC CIP regulations have helped propel cybersecurity programs for large scale power producers forward. The move to expand to low impact operators is therefore not a surprise, and should be welcomed.
“That said, it’s a common adage in the industry that regulations alone do not ensure cybersecurity, but what it does is ensure the issue is elevated which generates awareness amongst top management. In tandem, guidelines can also fuel the basics of a cybersecurity program and many power producers have used these regulations as a foundation for their own cybersecurity programs.
“In recent years we have seen grid security surge forward, perhaps in spite of regulation, as resilience is recognized as essential to all those operating the grid. Fortunately for power system operators of all sizes, new technology innovations are giving operators the tools to rapidly identify and mitigate cybersecurity threats to the systems that operate power generation and distribution.”