FERC seeks more info on security efforts at energy firms

The Federal Energy Regulatory Commission (FERC) plans to step up its oversight of cybersecurity at energy companies.

In a new plan submitted to the Office of Management and Budget Dec. 7, FERC proposed requiring energy companies to provide much more detailed reports on the security of their systems and their mitigation efforts.

“The Commission believes that the information that will be requested is critical to ensuring that appropriate mitigation of this potential cyber vulnerability is put in place and that it is put in place as quickly as possible,” FERC’s proposed information collection and request for comments document states.

The new order would affect generator and transmission owners and operators registered by the North American Electric Reliability Corporation (NERC), which operates the electricity grid in North America. The order affects approximately 1,150 companies at a total cost of $1.21 million, FERC said.

Under current rules, companies report the status of mitigation plans as either complete, in progress or not performing.

FERC now wants a copy of the owner or operator’s plan to address a particular vulnerability, including both short- and long-term measures, the measures already taken and an explanation of how those plans will address the problem. If the owner or operator doesn’t believe action should be taken, they must explain why.

FERC said the order was spurred by a March 2007 experiment run by the Idaho National Laboratory that demonstrated the potential damage that could result from a cyberattack on the energy infrastructure. A video released by the Homeland Security Department showed hackers overheating power turbines and causing a diesel generator to explode.

FERC's current oversight strategy “did not provide the level of standard, mandatory protection required,” said Greg Wilshusen, director of information security issues at the Government Accountability Office, speaking at an October hearing about the demonstration.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.