Energy Regulators Look To Guard Grid From Cyberattacks
The Federal Energy Regulatory Commission (FERC) has set its sights on making the less important parts of the national grid safer against hackers, and has proposed a set of controls to address the growing threat of cyberattacks. Specifically, the agency aims to install mandatory controls to tackle the risks inherent in the use of mobile devices such as laptops and thumb drives that are used at low-impact bulk electric systems.
The FERC also said it will put up for approval a Critical Infrastructure Protection Reliability Standard CIP-003-7, designed to enhance cybersecurity measures under the standards currently in effect by clarifying, FERC said, the obligations involved in electronic access control to low-impact cyber systems, and by prompting the relevant authorities to put in place response policies in case of a system threat.
The new rules were drafted by the North American Electric Reliability Corporation. Low-impact bulk systems include small control centers, sub-stations, and some types of generators and power generation plants. They are considered a lower cybersecurity priority than larger facilities, but could still be targeted by a malware attack, especially through mobile devices that are often more vulnerable to attacks than non-mobile computer infrastructure.