FERC seeks more info on security efforts at energy firms

The Federal Energy Regulatory Commission (FERC) plans to step up its oversight of cybersecurity at energy companies.

In a new plan submitted to the Office of Management and Budget Dec. 7, FERC proposed requiring energy companies to provide much more detailed reports on the security of their systems and their mitigation efforts.

“The Commission believes that the information that will be requested is critical to ensuring that appropriate mitigation of this potential cyber vulnerability is put in place and that it is put in place as quickly as possible,” FERC’s proposed information collection and request for comments document states.

The new order would affect generator and transmission owners and operators registered by the North American Electric Reliability Corporation (NERC), which operates the electricity grid in North America. The order affects approximately 1,150 companies at a total cost of $1.21 million, FERC said.

Under current rules, companies report the status of mitigation plans as either complete, in progress or not performing.

FERC now wants a copy of the owner or operator’s plan to address a particular vulnerability, including both short- and long-term measures, the measures already taken and an explanation of how those plans will address the problem. If the owner or operator doesn’t believe action should be taken, they must explain why.

FERC said the order was spurred by a March 2007 experiment run by the Idaho National Laboratory that demonstrated the potential damage that could result from a cyberattack on the energy infrastructure. A video released by the Homeland Security Department showed hackers overheating power turbines and causing a diesel generator to explode.

FERC's current oversight strategy “did not provide the level of standard, mandatory protection required,” said Greg Wilshusen, director of information security issues at the Government Accountability Office, speaking at an October hearing about the demonstration.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.