NERC Submits Comments on Critical Infrastructure Protection Reliability Standards NOPR

On February 26, 2018, in Docket No. RM18-2-000, NERC submitted comments to FERC’s Notice of Proposed Rulemaking (NOPR) proposing to direct NERC to revise the Critical Infrastructure Protection Reliability Standards to broaden the reporting requirements for Cyber Security Incidents. NERC’s comments support broadened reporting of Cyber Security Incidents. NERC supports the Commission’s proposal to limit the reporting obligation to Cyber Security Incidents that compromise, or attempt to compromise, a Responsible Entity’s Electronic Security Perimeter (ESP) or associated Electronic Access Control or Monitoring Systems (EACMS). However, NERC notes the importance of precisely defining parameters of an “attempt to compromise” to ensure that only suspicious activity is reported. NERC also requests that FERC distinguish between different types of EACMS. Finally, NERC requests that the Commission not direct NERC to develop modifications to the Reliability Standard but provide NERC the flexibility to collect data through alternative approaches.

To view NERC’s comments, click here.