Project 2023-03 Internal Network Security Monitoring (INSM)

Related Files

Status
The comment and nomination period for the Project 2023-03 Internal Network Security Monitoring Standard Authorization Request (SAR) concluded at 8 p.m. Eastern, Friday, May 5, 2023.

Background
On January 19, 2023, the Federal Energy Regulatory Commission (FERC) issued Order No. 887¹ directing NERC to develop requirements within the Critical Infrastructure Protection (CIP) Reliability Standards for internal network security monitoring (INSM) of all high impact BES Cyber Systems and medium impact BES Cyber Systems with External Routable Connectivity (ERC). INSM permits entities to monitor traffic once it is within a trusted zone, such as the Electronic Security Perimeter, to detect intrusions or malicious activity. Specifically, Order No. 887 directs NERC to develop Reliability Standards requirements that are “forward-looking, objective-based"² and address three security objectives outlined in Order No. 887. FERC directed NERC to submit these revisions for approval by July 9, 2024.

Order No. 887 also directed NERC to conduct a study on the risks of lack of INSM for medium impact BES Cyber Systems without ERC, all low impact BES Cyber Systems, and on the challenges and solutions for implementing INSM for those BES Cyber Systems. NERC is conducting the study, which is to be filed with FERC by January 18, 2024.

Standard(s) Affected: CIP-005-7, CIP-010-4, and CIP-013-2

Purpose/Industry Need
While the CIP Reliability Standards require monitoring of the Electronic Security Perimeter and associated systems for high and medium impact Bulk Electric System (BES) Cyber Systems, the CIP networked environment remains vulnerable to attacks that bypass network perimeter-based security controls traditionally used to identify the early phases of an attack. This presents a gap in the currently effective CIP Reliability Standards. To address this gap, CIP Reliability Standards should be created or modified to require INSM for all high impact BES Cyber Systems and medium impact BES Cyber Systems with External Routable Connectivity (ERC) to ensure the detection of anomalous network activity indicative of an attack in progress. These provisions will increase the probability of early detection and allow for quicker mitigation and recovery from an attack. Current CIP Reliability Standards are insufficient to protect against insider threats or vulnerabilities that are exploited through supply chain attacks such as SolarWinds.

¹ Internal Network Security Monitoring for High and Medium Impact Bulk electric System Cyber Systems, Order No. 887, 182 FERC ¶ 61,021 (Jan. 19, 2023).
² Order No. 87 at P 5.

Draft	Actions	Dates	Results	Consideration of Comments
Drafting Team Nominations Supporting Materials Unofficial Nomination Form (Word)	Nomination Period Info Submit Nominations	04/06/2023 – 05/05/2023
Standard Authorization Request Supporting Materials Unofficial Comment Form (Word)	Comment Period Info Submit Comments	04/06/2023 – 05/05/2023	Comments Received

Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560
Washington Office | 1401 H Street NW, Suite 410, Washington, DC 20005| 202-400-3000

Group Health Plan Transparency in Coverage Files*

*This link leads to the machine-readable files that are made available in response to the federal Transparency in Coverage Rule and includes negotiated service rates and out-of-network allowed amounts between health plans and healthcare providers. The machine-readable files are formatted to allow researchers, regulators, and application developers to more easily access and analyze data.

Project-2023-03-INSM // <![CDATA[ _spBodyOnLoadFunctionNames.push("setupPageDescriptionCallout"); // ]]>

Project-2023-03-INSM