Energy Alert — FERC proposes new critical infrastructure - .PDF file.
On April 18, 2013, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) to approve, subject to certain modifications, Version 5 of the Critical Infrastructure Protection Reliability Standards (CIP Standards) proposed by the North American Electric Reliability Corporation (NERC). Version 5 of the CIP Standards contains new requirements that address cybersecurity controls and expand the scope of systems subject to the requirements. In light of this proposal, FERC is proposing to skip the implementation of Version 4 of the CIP Standards entirely and move straight to implementing Version 5. Version 4 of the standards was approved only last year and was scheduled to go into effect in April 2014. Comments on the NOPR will be due 60 days after publication in the Federal Register, likely around June 20, 2013.
As proposed, Version 5 of the CIP Standards includes 12 requirements for new cybersecurity controls. These requirements address Electronic Security Perimeters, Systems Security Management, Incident Reporting and Response Planning, Recovery Plans for Bulk Electric Cyber Systems, Configuration Change Management and Vulnerability Assessments…
If you are registered and logged in to the site, click on the link below to read the rest of the Hogan Lovells briefing. If not, please register or sign in with your details below.