Source: Federal Energy Regulatory Commission – Docket No. RD19-3-000
The Federal Energy Regulatory Commission (FERC) recently expanded the reporting requirements for cybersecurity incidents involving attempts to compromise the operation of the grid.
The revised CIP-008-6 (Cyber Security – Incident Reporting and Response Planning) requires the reporting of cybersecurity incidents that either compromise or attempt to compromise Electronic Security Perimeters, Electronic Access Control or Monitoring Systems and Physical Security Perimeters associated cyber systems. The new standard also includes disruptions or attempts to disrupt the operation of a bulk electric system cyber system.
The standard requires each responsible entity to establish criteria for identifying attempts to compromise a cyber asset and apply those criteria in its cybersecurity incident identification process. This approach provides entities the flexibility to develop criteria appropriate to their systems, FERC said.
The new standard also addresses the information to be included in Cyber Security Incident reports, their dissemination and deadlines for filing. It requires entities to send reports and updates to the Electricity Information Sharing and Analysis Center and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.
Previously, under the Critical Infrastructure Protection Reliability Standards, entities were only required to report incidents that compromised or disrupted one or more reliability tasks.
Effective dates of CIP-008-6 (NERC Project 2018-02 Modifications to CIP-008 Cyber Security Incident Reporting) are 18 months after the FERC order is published in the Federal Registrar.