U.S. Federal Energy Regulatory Commission Issues Cyber Security Standards
On January 17, 2008, the U.S. Federal Energy Regulatory Commission approved eight mandatory reliability standards for cyber security designed to help guard the United States national power grid from cyber security threats and attacks.
The new standards were developed by the North American Electric Reliability Corporation (NERC). However NERC is charged to manage future development of these standards and also follow the guidance of the National Institute of Standards and Technology (NIST) on issues of cyber security. This move is a particularly smart move on the part of FERC to ensure that future cyber security standards developed and maintained by NERC are relevant and current to changes in technology and the field of cyber security research.
According to a FERC press release (See: http://www.ferc.gov/news/news-releases/2008/2008-1/01-17-08-E-2.asp) the eight new cyber security standards address the following topics:
- Critical Cyber Asset Identification;
- Security Management Controls;
- Personnel and Training;
- Electronic Security Perimeters;
- Physical Security of Critical Cyber Assets;
- Systems Security Management;
- Incident Reporting and Response Planning; and
- Recovery Plans for Critical Cyber Assets.
Recently we have seen news reports about other countries like China enhance their cyber security and warfare capabilities within their own government and military forces. However, I'm glad FERC is creating these standards for critical infrastructure protection (CIP) of our nation's power grid to counter the potential threats from other governments and those who would choose to do our country harm.
I hope the power grid operators and electric utility companies quickly implement these standards and help contribute more investment dollars towards the protection of our critical infrastructure assets from cyber and physical security threats.
Comments