FERC moves to combat emerging cybersecurity vulnerabilities
Federal regulators have begun a push for new cybersecurity defenses to prevent sophisticated attackers from penetrating utility control rooms and other industrial control system centers by infiltrating malware on third-party vendors’ products.
A proposed rulemaking announced Thursday by the Federal Energy Regulatory Commission would require utility industry representatives to develop a new security strategy and standard for supply chain management processes.
FERC is also seeking comment on a second proposed order to the industry’s standards group, the North American Electric Reliability Corp., which would require additional security controls to safeguard communications between grid control centers when vital controls data is traveling on unprotected third-party communications channels.
Several industry officials and experts, asked to respond to FERC’s actions, said new standards on these issues would be hard to write for different reasons but were vital nonetheless.
“I’m happy to see that these initiatives are moving forward,” said cyberdefense developer Billy Rios, whose “WhiteScope” listing identifies trusted vendor products for industrial control systems (ICS) and supervisory control and data (SCADA) systems, both used by operators to manage the power grid. “I don’t believe we have scalable solutions in place for any of these parts of the supply chain defense.”