News Release regarding RM17-11-000 NOPR

News Release regarding RM17-11-000 NOPR.pdf

FERC-725B, (NOPR in RM17-11-000) Mandatory Reliability Standards for Critical Infrastructure Protection [CIP] Reliability Standards

News Release regarding RM17-11-000 NOPR

OMB: 1902-0248

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 1902-0248 can be found here:

Document [pdf]

Download: pdf | pdf

October 19, 2017
News Media Contact
Craig Cano | 202-502-8680
Docket Nos. RM17-11-000, RM15-11-002
Item Nos. E-1, E-2

FERC Proposes New Security Management Controls for Grid Cyber Systems
The Federal Energy Regulatory Commission (FERC) today proposed new cyber security management controls to further
enhance the reliability and resilience of the nation’s bulk electric system. These include mandatory controls to address
the risks posed by malware from transient electronic devices like laptop computers, thumb drives and other devices
used at low-impact bulk electric system cyber systems.
FERC proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security –
Security Management Controls), which is designed to mitigate cyber security risks that could affect the reliable
operation of the Bulk-Power System. The proposed standard improves upon the current Commission-approved CIP
standards by clarifying the obligations that pertain to electronic access control for low-impact cyber systems; adopting
mandatory security controls for transient electronic devices, such as thumb drives and laptop computers; and requiring
responsible entities to have a policy for declaring and responding to CIP exceptional circumstances related to lowimpact cyber systems.
Today’s Notice of Proposed Rulemaking also proposes to direct the North American Electric Reliability Corp. (NERC) to
develop modifications to provide clear, objective criteria for electronic access controls for low-impact cyber systems
and to address the need to mitigate the risk of malicious code that could result from third-party transient electronic
devices. These modifications will address potential gaps and improve the cyber security posture of entities that must
comply with the CIP standards.
In a separate order, the Commission accepted NERC’s preliminary geomagnetic disturbance (GMD) research work plan
and directed that NERC file a final plan within six months. The work plan identifies nine GMD-related research areas
and sets an estimated time frame for their completion. Today’s order, among other things, provides NERC with
guidance on how to prioritize the GMD research.

R-18-02

(30)

File Type	application/pdf
File Title	Headline
Author	Diane Bernier
File Modified	2017-10-19
File Created	2017-10-19