On October 4, 2019, FERC staff issued a report for users, operators, and owners of the bulk-power system to increase compliance with mandatory Critical Infrastructure Protection (“CIP”) standards and improve cybersecurity for the nation’s electric grid. In the report, FERC staff recommended, among other things, that entities:

  1. verify employees’ recurring authorizations for using removable media;
  2. ensure all employees and third-party contractors complete required trainings and properly maintain training records;
  3. consider all generation assets when categorizing bulk electric system cyber systems associated with transmission facilities; and
  4. review all firewalls to ensure there are no obsolete or overly permissive firewall access control rules in use.

FERC staff noted that the report was designed to help entities assess their risk and compliance with mandatory reliability standards. Furthermore, FERC staff explained that the report’s findings were based on non-public CIP audits of registered entities whose cybersecurity processes and procedures met mandatory CIP requirements and standards during fiscal year 2019.

Click here to read the report.