FERC approves cyber security standards

17 January 2008 — The Federal Energy Regulatory Commission (FERC) approved eight mandatory critical infrastructure protection (CIP) reliability standards to protect the nation’s bulk power system against potential disruptions from cyber security breaches.

These reliability standards were developed by the North American Electric Reliability Corporation (NERC), which FERC designated as the electric reliability organization.

The standards require certain users, owners and operators of the bulk power system to establish policies, plans and procedures to safeguard physical and electronic access to control systems, to train personnel on security matters, to report security incidents, and to be prepared to recover from a cyber incident.

The eight CIP reliability standards address critical cyber asset identification; security management controls; personnel and training; electronic security perimeters; physical security of critical cyber assets; systems security management; incident reporting and response planning; and recovery plans for critical cyber assets.