US federal energy regulator releases proposed cybersecurity rules

The Federal Energy Regulatory Commission (FERC) Thursday issued a notice of proposed rulemaking to increase network security monitoring for high- and medium-impact bulk power systems to protect against cyberattacks.

Existing Critical Infrastructure Protection (CIP) reliability standards focus on the security perimeter of computer networks, and there is concern that those standards do not address vulnerabilities to internal networks. The move to require internal network security monitoring attempts to address situations in which individuals with trusted access, such as authorized vendors, might still introduce a cybersecurity risk to those systems. The 2020 SolarWinds attack is an example in which a vendor was leveraged to compromise public and private networks.

FERC hopes that the new standards will “ensure that utilities maintain visibility over communications in their protected networks.” Utilities will be able to better detect attacks, which will give them vital time to act before an attacker can fully compromise the network. Internal monitoring can also help speed recovery from attacks, and provide valuable assessments of network vulnerability.

The agency is seeking comments on the proposed rulemaking. Comments are due sixty days after notice has been published in the Federal Register.