Strengthened cyber security standards approved

subscribe

Eight revised cyber security standards for the North American bulk power system were approved by the North American Electric Reliability CorporationÂ’s (NERC) independent Board of Trustees.

The action represents the completion of phase one of NERCÂ’s cyber security standards revision work plan which was launched in July 2008. Work continues on phase two of the revision plan, with version three standards already under development.

The revised standards were recently passed by the electric industry with an 88% approval rating, evidence of the industryÂ’s strong support for NERCÂ’s standards development process and the more stringent standards.

The standards are comprised of approximately 40 “good housekeeping” requirements designed to lay a solid foundation of sound security practices that, if properly implemented, will develop the capabilities needed to secure critical infrastructure from cyber security threats. Roughly half of those requirements were modified to clarify or strengthen the standards in this initial, expedited revisions phase.

The revisions begin to address concerns raised by the Federal Energy Regulatory Commission in its Order No. 706, in which it conditionally approved the standards currently in effect. The revisions notably include the removal of the term “reasonable business judgment” from the standards.

Entities found in violation of the standards can be fined up to $1 million per day, per violation in the U.S., with other enforcement provisions in place throughout much of Canada. Audits for compliance with 13 requirements in the cyber security standards currently in effect will begin on July 1.

“The approval of these revisions is evidence that NERC’s industry-driven standards development process is producing results, with the aim of developing a strong foundation for the cyber security of the electric grid,” commented Michael Assante, Vice President and Chief Security Officer at NERC. “We applaud the work of the standards drafting team leading this effort and look forward to presenting phase two of the revisions to the board for approval early in 2010.”

“It’s important to note, however, that these standards are not designed to address specific, imminent cyber security threats,” he continued. “We firmly believe carefully crafted emergency authority is needed at the government level to address this gap.”

Related News

weed zapper

A robot is killing weeds by zapping them with electricity

LONDON - On a field in England, three robots have been given a mission: to find and zap weeds with electricity before planting seeds in the cleared soil.

The robots — named Tom, Dick and Harry — were developed by Small Robot Company to rid land of unwanted weeds with minimal use of chemicals and heavy machinery.
The startup has been working on its autonomous weed killers since 2017, and this April launched Tom, its first commercial robot which is now operational on three UK farms. The other robots are still in the prototype stage, undergoing testing.

Small Robot says robot Tom…

READ MORE
typhoon radar image

Nearly 600 Hong Kong families still without electricity after power supply cut by Typhoon Mangkhut

READ MORE

keyboard

Criminals posing as Toronto Hydro are sending out fraudulent messages

READ MORE

globe

Is The Global Energy Transition On Track?

READ MORE

ukraine-prepares-for-winter-amid-energy-challenges

Ukraine Prepares for Winter Amid Energy Challenges

READ MORE