This has not been a joyful winter for energy industry executives. They have repeatedly awoken to alerts that substations in the Northwest and Southeast have been physically attacked and that a major engineering firm was the subject of a ransomware cyberattack that may have compromised utility data.
Federal regulators are taking notice. On December 7, the Federal Energy Regulatory Commission (FERC) and the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) held a joint technical conference to discuss supply chain risk management in light of increasing threats to the Bulk Power System. Multiple government participants identified the possible need to normalize the use of software bills of materials and hardware bills of materials in the electric industry. Several days later, FERC directed the North American Electric Reliability Corporation (NERC) to re-examine its Physical Security Reliability Standard, CIP-014-1. Congress, for its part, responded to growing cybersecurity threats to energy infrastructure by increasing CESER’s budget by almost 7.5% in the recent omnibus appropriations bill and appropriating $20 million for the Cyber…
