The FERC has adopted a new cybersecurity standard that will broaden supply chain risk management practices for low-impact bulk electric system (BES) cyber systems. Low-impact assets are generation or transmission facilities that present less risk to the BES if they are compromised.
The newly approved cybersecurity standard was proposed by the North American Electric Reliability Corporation (NERC) in December 2022. Under the standard, entities with bulk facilities whose assets are designated low-impact are required to have procedures for determining and disabling vendor remote access.
This standard is designed to enhance the reliability of the grid by broadening current security controls, providing greater visibility into electronic communication between low-impact BES cyber systems and vendors. These security controls will proffer alerts and the ability to disable vendor remote access in the event of potential malicious communication.