The Federal Energy Regulatory Commission (FERC) issued a Notice of Inquiry (NOI) on June 18, 2020, requesting comments on potential enhancements to the current U.S. Critical Infrastructure Protection (CIP) Reliability Standards (CIP Standards). In the NOI, FERC also seeks input on the potential risk of a coordinated cyberattack on geographically distributed targets and the need for FERC to address such risk.
In a related development, that same day FERC Staff (Staff) issued a Cybersecurity Incentives Policy White Paper (the White Paper) that discusses a potential new framework for providing transmission incentives to utilities for cybersecurity investments. The Staff presents a framework for providing transmission incentives to utilities “for cybersecurity investments that produce significant benefits for actions that exceed” the CIP Standards.
The NOI
CIP Standards are mandatory and enforceable following their approval by FERC. They are intended to provide a risk-based, defense-in-depth approach to cybersecurity of the bulk electric system (BES).
An important source for improving the CIP Standards to address evolving cyber threats is the National Institute of Standards…
