A New Direction from the Federal Energy Regulatory Commission (FERC)

The Federal Energy Regulatory Commission (FERC) has recently determined that there is a pressing need to address the information security and cybersecurity issues associated with reducing the vulnerability of the power grid to attacks. Additionally, FERC has clearly identified a critical need to further enhance the structural security of the nation's most vital Bulk-Power System facilities.

How FERC Impacts the Nation's Energy Supply

FERC is responsible for and charged with meeting the nation's increased energy demands. In addition, FERC must respond to critical energy infrastructure applications in a timely manner with constructive decisions that protect the environment while fostering the growth of a sustainable infrastructure across the country.

In a recent change of direction, FERC has indicated that it is moving forward with approval of the structural security Reliability Standard (CIP-014-1), which was submitted by the North American Electric Reliability Corporation (NERC).

How can Physical Security Affect Data Security?

In early March of 2014, FERC stated that the existing Critical Infrastructure Protection (CIP) reliability guidelines are seriously lacking in specifications and requirements to reasonably establish protection against structural attacks which could adversely impact the grid's operational safety. As you likely know, a good cybersecurity strategy needs a solid physical security game plan in place too.

NERC is directed to research, develop and submit new standards and specifications that require the owners and operators of the Bulk-Power System to perform the following:

  • A complete risk assessment of their systems to identify critical facilities

  • An evaluation of potential threats to those facilities

  • An evaluation of all potential vulnerabilities to those facilities

Subsequently, they are directed to research, develop and implement a security plan to safeguard and protect against attacks on all of their facilities.

At large enterprise operations, this might require that the Chief Security Officer (CSO) and Chief Information Security Officer (CISO) communicate with one another with regard to a comprehensive set of criteria. In this way, they can generate a plan that puts forth a unified front against attacks.

While this new directive will require an additional layer of diligence for an organization, it will certainly lead to better security for IT systems and data. 

Jacqueline von Ogden

Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".