As part of NERC’s ongoing effort to bolster Critical Infrastructure Protection (CIP) requirements and enable the implementation of a security improvement concept known as virtualization, the organization has developed and approved standard modifications as well as a new standard focused on internal network security monitoring (INSM). CIP-015-1 will be submitted for FERC approval and will lead to new compliance obligations.
Extensive Revisions Support Enhanced Security through Virtualization
NERC’s efforts to enable utility use of virtual operating control technologies for Bulk Electric System (BES) Cyber Systems respond to the directives in FERC Order No. 822. In addition to the new CIP-015-1, revisions are being submitted for 11 CIP Reliability Standards, including new and revised Glossary of Terms definitions.
The proposed revisions accommodate the best cyber operating technologies and are intended to create an enduring and resilient family of CIP reliability standards in the face of a fast-moving technology field. Implementation of virtualization technologies allows for the application of enhanced cyber security controls and the ability to move access controls from the edge of communications networks to inside them. These newer security controls allow the industry to provide tighter security by moving access controls from an outer perimeter closer to the actual code performing reliability-related control tasks. The revised standards cover:
- Cyber Asset and BES Cyber Asset Definitions to Implement Virtualization
- Network and Externally Accessible Devices Security
- Transmission Owner (TO) Control Centers Performing Transmission Operator (TOP) Obligations
- Virtualization
CIP-015-1 Improves Internal Network Monitoring
The new CIP-015-1 closes a security gap identified in FERC Order No. 887. It improves the probability of detecting anomalous or unauthorized network activity to facilitate improved response and recovery from an attack. Internal Network Security Monitoring (INSM) related requirements focus on all high and medium-impact BES Cyber Systems including those with external routable connectivity.
CIP-015-1 requires internal network security monitoring within a trusted Critical Infrastructure Protection networked environment for all high impact BES Cyber Systems with and without external routable connectivity and medium impact BES Cyber Systems with external routable connectivity. The new standard is designed to require the power industry to keep its cyber-based operating systems ahead of cyber-attacks. The INSM concept is expected to ensure early detection of network activity indicative of an attack, increasing the probability of early detection and allowing for quicker mitigation and recovery from cyber-attacks.
CIP-015-1 will require utilities to:
- Implement, using a risk-based rationale, network data feed(s) to monitor network activity, including connections, devices, and network communications.
- Implement one or more method(s) to detect anomalous network activity using the network data feed(s).
- Implement one or more method(s) to evaluate anomalous network activity detected to determine further action(s).
Next Steps
NERC is expected to submit the two filings to FERC in response to the recent directives. The approval timeline varies based on FERC’s priorities and the expedited nature of the request. Stakeholders should proactively work to enhance their cybersecurity efforts, considering the forthcoming NERC CIP-015 standard. TRC’s cybersecurity experts, with extensive experience in all power system control subject areas, can provide an independent review of your compliance plans to meet these new mandatory regulations. Stay ahead by aligning your strategies with the proposed requirements to ensure seamless compliance.
Resources
FERC Order No. 822
Modifications to CIP Standards – Project Page
Project 2016-02 Implementation Plan
FERC Order No. 887
INSM related CIP standard change CIP-015 – Project Page
CIP-015-1
CIP-015-1 Implementation Plan
Your Trusted Regulatory Advisor
TRC closely follows the national, provincial, and state regulatory trends in all regions of North America. Our approach to power system security, engineering, planning, design, construction and commissioning testing balances solutions that incorporate industry reliability risk trends, mandatory reliability standard requirements, regulatory guidance, compliance obligations, best practices, operational goals, and budgets. With expertise in power system planning, engineering, and operations, TRC supports public utilities and private energy providers in their efforts to stay ahead of the regulatory curve and to meet or exceed regulatory requirements as they evolve.
This regulatory update is provided as a service to TRC’s utility clients, helping to keep you informed of forward-looking issues that will impact your company’s electric system reliability risks along with related topics regarding regulatory developments, to help you achieve your company’s business goals.