New cybersecurity standard a step closer

The proposed changes provide significant improvements to the existing standard by including a specific list of criteria for entities to identify their critical assets.

“Confirmation by the registered entities of their critical assets was a key priority for my first year as president and CEO of NERC,” says Gerry Cauley, President and CEO of NERC. “Recognizing that protecting cyber assets is critical to the electric utility’s infrastructure, as well as national and international security, the revisions to CIP-002-4 were advanced ahead of other cyber security standard improvements. This initial passage by the stakeholders represents a major progression in protecting the North American grid and ensuring reliability. I commend the stakeholders and the standard drafting team for the tremendous work they have done.”

CIP-002-4 is a foundational standard with the remaining CIP standards CIP-002 through CIP-009 relying on a complete and accurate identification of assets critical to reliability. Because entities are so tightly interconnected, a vulnerability that seems insignificant to a single entity can place the entire grid in a state of vulnerability.

“While NERC’s ANSI-based standard process requires a final “recirculation” ballot to allow stakeholders to confirm or modify their previous ballots, this standard appears to be on a path for approval by the end of the year or shortly thereafter,” says Cauley. The standard then goes to the NERC Board of Trustees for approval and then the new standard is filed with the with the Federal Energy Regulatory Commission for approval under provisions of the Federal Power Act section 215.

In addition to working on the implementation of the CIP-002-4 standard, NERC is expediting implementation of the NERC/Department of Energy High Impact, Low Frequency reportÂ’s geomagnetic and electromagnetic pulse recommendations. As part of this effort, NERC will establish independent validation and industry approaches to develop and deploy Geomagnetic Disturbance mitigation strategies and technologies to protect the power grid.