In response to concerns regarding the security of control systems used for power delivery, the Federal Energy Regulatory Commission (FERC) issued Order No. 829 directing NERC to develop a new reliability standard to mitigate the risk of a cybersecurity breach of power system SCADA, DCS and EMS systems. The new standard will focus on cyber system supply chain risk resulting from unauthorized embedded firmware or software and calls for NERC to provide industry wide minimum supply chain oriented requirements. These new requirements will modify the processes and procedures used by utilities to acquire control system hardware and software.
FERC’s order specifically directed that the industry provide stronger management of the procurement process for power system control system hardware, software, computing and networking services associated with Bulk Electric System (BES) operations. NERC must file its new standard with FERC on or before September 2017.
NERC will develop this as a forward-looking, objective-based reliability standard that requires each affected utility to develop and implement a strong procurement process. The resulting final standard must achieve the following security objectives:
Since NERC reliability standards only identify the reliability objectives and desired results, utilities will be required to develop procurement and operational risk management oriented methods to deliver the required results related to these four objectives.
To learn more about the standard and next steps for implementation and compliance, please download TRC’s Regulatory Update.