This past March, NERC proposed new revisions to help close the gaps in the CIP-003 Reliability Standard. The additional measures will modify the cybersecurity protections for low-impact BES Cyber Systems, including:
- Electronic access control permitting only necessary inbound and outbound access to low-impact BES Cyber Systems for certain communications, whether direct or indirect, using routable protocols.
- Protection of transient electronic devices such as laptops and smartphones, to mitigate exposure of low-impact BES Cyber Systems to malicious code.
- Documentation for cybersecurity policies for CIP Exceptional Circumstances for low-impact BES Cyber Systems, including cybersecurity emergencies, natural disasters, civil unrest, imminent or existing hardware, and software, or equipment failures.
FERC is likely to approve these additional standards. Utilities have expressed their support in lengthy stakeholder engagement. The goal of the revisions is to close the gaps in the CIP-003 Reliability Standard identified by FERC. An upcoming notice and comment process at FERC will provide another good opportunity for utilities to help guide the new standards, or pose any challenges.
To help you define the cyber security threat and review the numerous guidelines and recommendations, you can download SSS’s FREE White Paper – Utility Cyber Security 2017! Get it now!