On October 18, 2018 the Federal Energy Regulatory Commission (“FERC”) approved three (3) Critical Infrastructure Protection (CIP) Reliability Standards including a long awaited supply chain risk management standard for the electric sector which, among other things, will require electric utilities to develop, document, and implement a supply chain cybersecurity risk management plan for any cyber systems that are classified as “medium” or “high” impact as defined by the North American Electric Reliability Corporation (“NERC”). The new regulations are aimed at ensuring software integrity and authenticity, strengthening vendor remote access protections and addressing vendor risk management procedures and controls. Responsible entities will have until June 2020 to comply with the new standards, in large part because it is projected that compliance will require significant…
