FERC to NERC: Develop Cyber Control Supply Chain Risk Management

Trending News

Q&A – FTC Rule Banning Non-Competes With Workers

Blockchain+ Bi-Weekly: Week of April 25, 2024

Compliance Update — Insights and Highlights April 2024

FTC Approves Non-Compete Ban

Final Rule Raises Salary Threshold to $58,656 for Employee Overtime Exemptions

EEOC Final Rule Implementing the Pregnant Workers Fairness Act

Trending in Telehealth: April 9 – April 15, 2024

Healthcare Preview for the Week of: April 22, 2024 [Podcast]

Pregnant Workers Fairness Act Final Regulations Released

It’s the Final Countdown – The Final PWFA Regs Are Here

J. Daniel Skees

Email

202-739-5834

Bio and Articles

Email

202.739.5633

Bio and Articles

FERC to NERC: Develop Cyber Control Supply Chain Risk Management Standard By J. Daniel Skees and Serge Agbre

by: J. Daniel Skees, Serge Agbre of Morgan, Lewis & Bockius LLP - Power & Pipes

Friday, July 29, 2016

Print Mail Download

i

On July 21, FERC directed NERC to develop a new or modified “forward-looking, objective-driven” Reliability Standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services (“cyber controls”) associated with BES operations. FERC required the standard to address

software integrity and authenticity;
vendor remote access;
information system planning; and
vendor risk management and procurement controls.

FERC is concerned that a “gap” exists in the CIP Reliability Standards, which has been highlighted by recent events where malware campaigns have targeted supply chain vendors in BES cyber control systems.

FERC expressed concern that vulnerable systems may be attacked either through hardware or software components of a cyber-control system or a third-party service provider may be attacked who has access to sensitive IT infrastructure or that holds or maintains sensitive data.

Current Legal Analysis

CFPB Supervisory Highlights, Mortgage Servicing Edition, Shed Light on Agency Priorities – “Junk Fees” and Loss Mitigation

by: Christy W. Hancock , Robert Maddox

In an About-Face, Pennsylvania to Regulate Virtual Currency as Money

by: Jeremy M. McLaughlin , Joshua (Josh) Durham

HIPAA Privacy Protections for PHI related to Reproductive Health Care: The Final Rule and what Covered Entities and Business Associates need to Know

by: Cassandra L. Paolillo

Old North State Report – April 25, 2024

by: George M. Teague , Andrew Heath

SDNY Denies Leave to Amend ERISA Complaint with “Substantively the Same Defects” as Dismissed Complaint

by: Alex E. Hotard , Phillip C. Thompson

More from Morgan, Lewis & Bockius LLP

Arizona to Fintech Companies: Come Play in Our Sandbox!

by: Melissa R. H. Hall , Charles M. Horn

New Russia Sanctions: Key Takeaways

by: Brian L. Zimbler , Carl A. Valenstein

DOJ’s First Enforcement Action for ‘No-Poaching’ Agreements Since the Landmark Antitrust Guidance for HR Professionals

by: Mark L. Krotoski

Government Requests for Data: CLOUD Act Attempts to Provide Guidance

by: Dr. Axel Spies , Jessica M. Pelliciotta

Contract Corner: Is It Time for Form NDA Spring Cleaning?

by: Michael L. Pillion , Jessica M. Pelliciotta

Renewable Energy Deals Targeted for More Scrutiny in New Trade Report

by: Stephen Paul Mahinka

No Such Thing as Simple Food Labeling: Changes Ahead in 2018

by: Ryan Fournier

Gender Equality: The French Government’s Roadmap

by: Sabine Smith-Vidal , Laetitia de Pelet

Power to the States: Which Came First, the Chicken (CFPB) or the Eggs (AGs)?

by: Nicholas M. Gess , Charles M. Horn

DC Circuit’s ACA v. FCC Decision: Implications for Calling and Texting

by: Gregory T. Parks , Ezra D. Church

Upcoming Legal Education Events

Jun

4

2024

FinTech and Securities Trading Platforms

May

17

2024

Upon Further Review: A Look Back at the Last Year in the Third, Fourth, and D.C. Circuits

May

15

2024

Capital Connect: Finance & Funding in Life Sciences

May

14

2024

Harmonizing TSCA Consent Orders with OSHA HCS 2012

Print