The proposal would adopt NERC standards on accelerated deadlines and expand the scope of covered assets subject to supply chain risk management. If adopted, these standards could significantly alter the electric utility procurement process for critical IT infrastructure assets and services by requiring that procurement processes address specific supply chain cybersecurity risks.
The Federal Energy Regulatory Commission (FERC or Commission) issued a notice of proposed rulemaking (NOPR) on January 18 proposing to adopt a suite of North American Electric Reliability Corporation (NERC) reliability standards addressing the cybersecurity risks that global supply chains create for the industrial control and other critical systems used by electric utilities. The proposed standards are the result of a lengthy and contentious stakeholder development process, and would require electric utilities to develop plans to mitigate supply chain cybersecurity risks posed by vendor products and services, particularly during the vendor procurement process.
Although the new standards do not require a specific outcome in the procurement process, utilities will need to demonstrate that their…
