FERC seeks more info on security efforts at energy firms

The Federal Energy Regulatory Commission (FERC) plans to step up its oversight of cybersecurity at energy companies.

In a new plan submitted to the Office of Management and Budget Dec. 7, FERC proposed requiring energy companies to provide much more detailed reports on the security of their systems and their mitigation efforts.

“The Commission believes that the information that will be requested is critical to ensuring that appropriate mitigation of this potential cyber vulnerability is put in place and that it is put in place as quickly as possible,” FERC’s proposed information collection and request for comments document states.

The new order would affect generator and transmission owners and operators registered by the North American Electric Reliability Corporation (NERC), which operates the electricity grid in North America. The order affects approximately 1,150 companies at a total cost of $1.21 million, FERC said.

Under current rules, companies report the status of mitigation plans as either complete, in progress or not performing.

FERC now wants a copy of the owner or operator’s plan to address a particular vulnerability, including both short- and long-term measures, the measures already taken and an explanation of how those plans will address the problem. If the owner or operator doesn’t believe action should be taken, they must explain why.

FERC said the order was spurred by a March 2007 experiment run by the Idaho National Laboratory that demonstrated the potential damage that could result from a cyberattack on the energy infrastructure. A video released by the Homeland Security Department showed hackers overheating power turbines and causing a diesel generator to explode.

FERC's current oversight strategy “did not provide the level of standard, mandatory protection required,” said Greg Wilshusen, director of information security issues at the Government Accountability Office, speaking at an October hearing about the demonstration.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.