New cybersecurity standard a step closer

NERC CIP-002-4 defines criteria to identify critical assets for cyber security, strengthening electric grid reliability and compliance as NERC and FERC advance approvals, while DOE GMD and EMP mitigation efforts accelerate risk management.

The North American Electric Reliability Corporation NERC is one step closer to approving a new version of the cybersecurity standard, the Critical Cyber Asset Identification CIP-002-4.

The proposed changes provide significant improvements to the existing standard, as reflected in strengthened cyber security standards advanced by NERC, by including a specific list of criteria for entities to identify their critical assets.

“Confirmation by the registered entities of their critical assets was a key priority for my first year as president and CEO of NERC,” says Gerry Cauley, President and CEO of NERC. “Recognizing that protecting cyber assets is critical to the electric utility’s infrastructure, as well as national and international security, and addressing grid security concerns highlighted by NERC, the revisions to CIP-002-4 were advanced ahead of other cyber security standard improvements. This initial passage by the stakeholders represents a major progression in protecting the North American grid and ensuring reliability. I commend the stakeholders and the standard drafting team for the tremendous work they have done.”

CIP-002-4 is a foundational standard that underscores grid owner responsibilities for cyber security, with the remaining CIP standards CIP-002 through CIP-009 relying on a complete and accurate identification of assets critical to reliability. Because entities are so tightly interconnected, a vulnerability that seems insignificant to a single entity can place the entire grid in a state of vulnerability.

“While NERC’s ANSI-based standard process requires a final “recirculation” ballot to allow stakeholders to confirm or modify their previous ballots, this standard appears to be on a path for approval by the end of the year or shortly thereafter,” says Cauley. The standard then goes to the NERC Board of Trustees for approval and then the new standard is filed with the with the Federal Energy Regulatory Commission, where FERC reliability improvements for the power grid are proposed, for approval under provisions of the Federal Power Act section 215.

In addition to working on the implementation of the CIP-002-4 standard, NERC is expediting implementation of the NERC/Department of Energy High Impact, Low Frequency report’s geomagnetic and electromagnetic pulse recommendations. As part of this effort, NERC will establish independent validation and industry approaches informed by industry testimony on cybersecurity legislation to develop and deploy Geomagnetic Disturbance mitigation strategies and technologies to protect the power grid.

Related News

• Electricity Forum News

• Grid Technologies News