Tendersinfo keep you informed about the latest events in the national and international Procurement Industry. Procurement News provides in-depth coverage of the procurement industry, including contract awards, contract additions, new contract wins, mergers and acquisitions. Tendersinfo through its tender news section provides an update on all domestic and global tendering opportunities, invitation to bid & trade leads.
United States : FERC Directs Development of Standards for Supply Chain Cyber Controls
Publish Date : 23-Jul-2016
The Federal Energy Regulatory Commission (FERC) acted today to improve the cyber security of the bulk electric system by directing the North American Electric Reliability Corporation (NERC) to develop a new supply chain risk management standard that addresses risks to information systems and related bulk electric system assets.
In todays rule, FERC directed NERC to develop a forward-looking, objective-based Critical Infrastructure Protection (CIP) Reliability Standard that requires each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations.
The new or modified Reliability Standard should address software integrity and authenticity; vendor remote access; information system planning; and vendor risk management and procurement controls. There is no requirement for any specific controls, nor does FERC require any one-size-fits-all requirements. The new or modified Reliability Standard should instead require responsible entities to develop a plan to meet the four objectives while providing flexibility to responsible entities as to how to meet those objectives. NERC is required to submit the new or modified Reliability Standard within one year of the effective date of the final rule.
Also today, FERC issued a Notice of Inquiry (NOI) into modifying CIP standards regarding the protection of control centers that are used to monitor and control the bulk electric system in real-time. Cyber systems are used extensively to operate and maintain interconnected transmission networks. The 2015 cyberattack on the electric grid in Ukraine is an example of how cyber systems used to operate and maintain interconnected networks more efficiently can have the unintended effect of creating cyber vulnerabilities.
In this case, the Commission is seeking comment on possible modifications, and any potential impacts they may have on the operation of the Bulk-Power System, to address separation between the internet and the cyber systems in control centers that perform transmission operator functions, and computer administration practices that prevent unauthorized programs from running, known as application whitelisting, for cyber systems in control centers.
