A New Direction from the Federal Energy Regulatory Commission (FERC)

Jacqueline von Ogden
by Jacqueline von Ogden
August 07, 2014
Table of Contents
Table of Contents

It has recently been determined by The Federal Energy Regulatory Commission (FERC), that there is a pressing need to strengthen information security and cybersecurity issues associated with reducing the vulnerability of the power grid to attacks. Additionally, FERC has clearly identified a critical need to further enhance the structural security of the nation's most vital Bulk-Power System facilities.

 

How FERC Impacts the Nation's Energy Supply

FERC is responsible for and charged with meeting the nation's increased energy demands. In addition, FERC must respond to critical energy infrastructure applications in a timely manner with constructive decisions that protect the environment while fostering the growth of a sustainable infrastructure across the country.

In a recent change of direction, FERC has indicated moving forward with approval of the structural security Reliability Standard (CIP-014-1) which was submitted by the North American Electric Reliability Corporation (NERC).

 

How can Physical Security Affect Data Security?

In early March of 2014, FERC stated that the existing Critical Infrastructure Protection (CIP) reliability guidelines are seriously lacking in specifications and requirements to reasonably establish protection against structural attacks which could adversely impact the grid's operational safety. As you likely know, a good cybersecurity strategy needs a solid physical security game plan in place too.

NERC is directed to research, develop and submit new standards and specifications that require the owners and operators of Bulk-Power Systems to perform the following:

  •  A complete risk assessment of their systems to identify critical facilities

  • An evaluation of potential threats to those facilities

  • An evaluation of all potential vulnerabilities to those facilities

Subsequently, they are directed to research, develop and implement a security plan to safeguard and protect against attacks on all of their facilities.

At large enterprise operations, this might require that the Chief Security Officer (CSO) and Chief Information Security Officer (CISO) communicate with one another in regard to a comprehensive set of criteria. In this way, they can generate a plan that puts forth a unified front against attacks.

While this new directive will require an additional layer of diligence for an organization, it will certainly lead to better security for IT systems and data. 

Cimcor_Technical_Summary
Tags:
Cybersecurity
Jacqueline von Ogden
Post by Jacqueline von Ogden
August 7, 2014
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".
Follow me on LinkedIn

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real-time

2023 Cybercrime Report
UNDERSTANDING THE PROFESSIONALIZATION OF CYBERCRIME

2023 Cybercrime Landscape Report

GET THE FREE REPORT

Related Blog Posts

  • Jacqueline von Ogden
    |
     
  • May 28, 2014
Utilizing Penetration Testing to Secure an Organization IT Environment

2 min read

Community Health Systems Breach
  • Jacqueline von Ogden
    |
     
  • September 10, 2014
Community Health Systems Breach

1 min read

Every October is National Cyber Security Awareness Month
  • Jacqueline von Ogden
    |
     
  • October 22, 2014
Every October is National Cyber Security Awareness Month

1 min read