Statement on January FERC Open Meeting Action
WASHINGTON, D.C. – The North American Electric Reliability Corporation appreciates the action taken on revisions to NERC’s Critical Infrastructure Protection Reliability Standards by the Federal Energy Regulatory Commission during its monthly meeting. FERC issued a final rule approving the revised standards, which address issues ranging from personnel and training to security of cyber systems and information protection. While approving the revised CIP standards and the associated implementation plan, FERC also directed certain modifications to the standards related to transient electronic devices, protections for communication network components between control centers and the definition of low-impact external routable connectivity. Additionally, the final rule directs NERC to submit a study on the effectiveness of remote access controls, the risks posed by remote access-related threats and vulnerabilities and appropriate mitigating controls.
Additionally, a FERC staff-led technical conference on CIP supply chain risk management issues will be held on January 28, 2016. FERC indicated it will determine the appropriate course of action after reviewing the record from the technical conference. 

These actions represent significant progress toward mitigating cyber risks to the bulk power system by addressing vulnerability assessments, security management controls, personnel and training, electronic security perimeters, incident reporting and response planning and recovery of cyber systems. NERC and industry have made security a priority and will continue the work toward assuring the reliability of the North American bulk power system.
Posted On: 01/21/2016