November 17, 2018

November 16, 2018

Subscribe to Latest Legal News and Analysis

November 15, 2018

Subscribe to Latest Legal News and Analysis

FERC to NERC: Develop Cyber Control Supply Chain Risk Management Standard By J. Daniel Skees and Serge Agbre

On July 21, FERC directed NERC to develop a new or modified “forward-looking, objective-driven” Reliability Standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services (“cyber controls”) associated with BES operations. FERC required the standard to address

  • software integrity and authenticity;
  • vendor remote access;
  • information system planning; and
  • vendor risk management and procurement controls.

FERC is concerned that a “gap” exists in the CIP Reliability Standards, which has been highlighted by recent events where malware campaigns have targeted supply chain vendors in BES cyber control systems.

FERC expressed concern that vulnerable systems may be attacked either through hardware or software components of a cyber-control system or a third-party service provider may be attacked who has access to sensitive IT infrastructure or that holds or maintains sensitive data.

Copyright © 2018 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

J. Daniel Skees, Energy attorney, Morgan Lewis
Partner

J. Daniel Skees represents electric utilities before the Federal Energy Regulatory Commission (FERC) and other agencies on rate, regulatory, and transaction matters. He handles rate and tariff proceedings, electric utility and holding company transactions, reliability standards development and compliance, and FERC rulemaking proceedings. The mandatory electric reliability standards under Section 215 of the Federal Power Act are a major focus of Dan’s practice. He advises clients regarding compliance with reliability standards, and helps them participate in the...

202-739-5834
Serge Agbre, Morgan Lewis, Energy Lawyer, FERC Compliance,
Associate

Serge Agbre represents electric, natural gas, and other energy industry participants in a variety of regulatory, transactional, and litigation matters before the Federal Energy Regulatory Commission (FERC). His practice includes related court appeals. Serge represents clients in enforcement matters, rate proceedings, certificate proceedings, and National Environmental Policy Act (NEPA) matters connected to gas infrastructure projects. He also represents electric utilities in rate proceedings, tariff proceedings, and reliability standard compliance and enforcement matters. Serge is admitted in New Jersey only, and his practice is supervised by DC bar members.

202.739.5633