News Release for NOPR in RM22-3

1/20/22, 4:50 PM

FERC Moves to Close Gap in Reliability Standards for Electric Grid Cyber Systems | Federal Energy Regulatory Commission

NEWS RELEASES

FERC Moves to Close Gap in Reliability
Standards for Electric Grid Cyber Systems
January 20, 2022

Docket No. RM22-3

Item E-1 | Presentation 
FERC today proposed to strengthen its Critical Infrastructure Protection (CIP) Reliability
Standards by requiring internal network security monitoring (INSM) for high- and mediumimpact bulk electric system cyber systems.
Today’s Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric
Reliability Corporation to develop and submit new or modified Reliability Standards to
address a gap in the current standards.
Under existing CIP reliability standards, network security monitoring is focused on defending
the electronic security perimeter of networks. FERC is seeking to address concerns that the
existing standards do not address potential vulnerabilities of the internal network to cyber
threats
INSM addresses situations where vendors or individuals with authorized access that are
considered trustworthy might still introduce a cybersecurity risk. For example, the SolarWinds
attack in 2020 demonstrated how an attacker can bypass network perimeter-based security
controls used to identify and thwart attacks. This supply chain attack leveraged a trusted
vendor to compromise the networks of public and private organizations.
Incorporating INSM requirements into the CIP Reliability Standards would help to ensure that
utilities maintain visibility over communications in their protected networks, FERC said. Doing
so can help detect an attacker’s presence and movements and give the utility time to take
action before an attacker can fully compromise the network. INSM also helps to improve
vulnerability assessments and can speed recovery from an attack.
The NOPR seeks comment on all aspects of the proposed directive to develop and submit new
or modified Reliability Standards for INSM for high- and medium-impact cyber systems. 
Comments on the NOPR are due 60 days after publication in the Federal Register.
R22-18                 
https://www.ferc.gov/news-events/news/ferc-moves-close-gap-reliability-standards-electric-grid-cyber-systems

1/2

1/20/22, 4:50 PM

FERC Moves to Close Gap in Reliability Standards for Electric Grid Cyber Systems | Federal Energy Regulatory Commission

Contact Information
Craig Cano (Electric)
Telephone:
202-502-8680
Email:
[email protected]

This page was last updated on January 20, 2022

https://www.ferc.gov/news-events/news/ferc-moves-close-gap-reliability-standards-electric-grid-cyber-systems

2/2