By Rich Heidorn Jr.
FERC on Thursday approved reliability standards for mitigating supply chain risks in industrial control system hardware, software and computing and networking services. The commission also ordered NERC to develop rules expanding the supply chain protections to include electronic access control and monitoring systems (EACMS).
The commission’s final rule, intended to build on existing critical infrastructure protection (CIP) standards, approved NERC reliability standards CIP-013-1 (Cyber Security – Supply Chain Risk Management), CIP-005-6 (Cyber Security – Electronic Security Perimeter(s)) and CIP-010-3 (Cyber Security – Configuration Change Management and Vulnerability Assessments). The final rule hews closely to the commission’s January 2018 Notice of Proposed Rulemaking (RM17-13). (See FERC Backs NERC Supply Chain Standards.)
| Pixabay
The new rules, effective 60 days after publication in the Federal Register, will be implemented over 18 months, as requested by NERC. The commission said the transition was needed because compliance will likely require technical upgrades, with implications for capital budgets and planning cycles that have longer time…
