FERC seeks more info on security efforts at energy firms

The Federal Energy Regulatory Commission (FERC) plans to step up its oversight of cybersecurity at energy companies.

In a new plan submitted to the Office of Management and Budget Dec. 7, FERC proposed requiring energy companies to provide much more detailed reports on the security of their systems and their mitigation efforts.

“The Commission believes that the information that will be requested is critical to ensuring that appropriate mitigation of this potential cyber vulnerability is put in place and that it is put in place as quickly as possible,” FERC’s proposed information collection and request for comments document states.

The new order would affect generator and transmission owners and operators registered by the North American Electric Reliability Corporation (NERC), which operates the electricity grid in North America. The order affects approximately 1,150 companies at a total cost of $1.21 million, FERC said.

Under current rules, companies report the status of mitigation plans as either complete, in progress or not performing.

FERC now wants a copy of the owner or operator’s plan to address a particular vulnerability, including both short- and long-term measures, the measures already taken and an explanation of how those plans will address the problem. If the owner or operator doesn’t believe action should be taken, they must explain why.

FERC said the order was spurred by a March 2007 experiment run by the Idaho National Laboratory that demonstrated the potential damage that could result from a cyberattack on the energy infrastructure. A video released by the Homeland Security Department showed hackers overheating power turbines and causing a diesel generator to explode.

FERC's current oversight strategy “did not provide the level of standard, mandatory protection required,” said Greg Wilshusen, director of information security issues at the Government Accountability Office, speaking at an October hearing about the demonstration.

Featured

  • Workforce
    Avril Haines testifies SSCI Jan. 19, 2021

    Haines looks to restore IC workforce morale

    If confirmed, Avril Haines says that one of her top priorities as the Director of National Intelligence will be "institutional" issues, like renewing public trust in the intelligence community and improving workforce morale.

  • Defense
    laptop cloud concept (Andrey Suslov/Shutterstock.com)

    Telework, BYOD and DEOS

    Telework made the idea of bringing your own device a top priority as the Defense Information Systems Agency begins transitioning to a permanent version of the commercial virtual remote environment.

Stay Connected