The Federal Energy Regulatory Commission has ordered the North American Electric Reliability Corp. to develop a new or modified reliability standard for industrial-control system hardware, software and computing and networking services associated with bulk-electric system operations.
The FERC order observes that “changes in the bulk electric system cyber threat landscape, exemplified by recent malware campaigns targeting supply chain vendors, have highlighted a gap in the Critical Infrastructure Protection (CIP) Reliability Standards.” The new standard it has ordered the NERC to develop is intended to mitigate the risk of a cybersecurity incident affecting the reliable operation of the bulk-power system.