The Federal Energy Regulatory Commission (FERC) has recently determined that there is a pressing need to strengthen information security and cybersecurity in order to reduce the vulnerability of the power grid to attacks. Additionally, FERC has clearly identified a critical need to further enhance the structural security of the nation's most vital Bulk-Power System facilities.
How FERC Impacts the Nation's Energy Supply
FERC is charged with meeting the nation's increased energy demands. In addition, FERC must respond to critical energy infrastructure applications in a timely manner with constructive decisions that protect the environment while fostering the growth of a sustainable infrastructure across the country.
In a recent change of direction, FERC has indicated that it is moving forward with approval of the structural security Reliability Standard (CIP-014-1), which was submitted by the North American Electric Reliability Corporation (NERC).
How can Physical Security Affect Data Security?
In early March of 2014, FERC stated that the existing Critical Infrastructure Protection (CIP) reliability guidelines are seriously lacking in specifications and requirements to reasonably establish protection against structural attacks which could adversely impact the grid's operational safety. As you likely know, a good cybersecurity strategy needs a solid physical security game plan in place too.
NERC is directed to research, develop and submit new standards and specifications that require the owners and operators of Bulk-Power Systems to perform the following:
- A complete risk assessment of their systems to identify critical facilities
- An evaluation of potential threats to those facilities
- An evaluation of all potential vulnerabilities to those facilities
Subsequently, they are directed to research, develop and implement a security plan to safeguard and protect against attacks on all of their facilities.
At large enterprise operations, this might require that the Chief Security Officer (CSO) and Chief Information Security Officer (CISO) communicate with one another in regard to a comprehensive set of criteria. In this way, they can generate a plan that puts forth a unified front against attacks.
While this new directive will require an additional layer of diligence for an organization, it will certainly lead to better security for IT systems and data.
Tags: Cybersecurity
August 7, 2014