FERC Issues NOPR on Cyber Security Incident Reporting Reliability Standards

On December 21, 2017, in Docket Nos. RM18-2-000 and AD17-9-000, FERC issued a notice of proposed rulemaking (NOPR) proposing to direct NERC to develop and submit modifications to the CIP Reliability Standards to improve the mandatory reporting of Cyber Security Incidents. The Commission expects the modifications to improve awareness of existing and future cyber security threats and potential vulnerabilities. In particular, FERC proposes to direct NERC to modify the CIP Reliability Standards to specify the required information in Cyber Security Incident reports to improve the quality of reporting and allow for ease of comparison by ensuring that each report includes specified field of information. Additionally, FERC proposes to direct NERC to modify the standards to establish a deadline for filing a report once a compromise or disruption to reliable bulk electric system operation, or an attempted compromise or disruption, is identified by a responsible entity. Comments are due 60 days after publication in the Federal Register.

To view the NOPR, click here.