June 24, 2019

FERC enhances cyber incident reporting requirements

Upon petition of the North American Electric Reliability Corporation, the Federal Energy Regulatory Commission has expanded the reporting requirements for cybersecurity incidents, issuing a new Critical Infrastructure Protection Reliability Standard CIP-008-6.  The new standard requires reporting of disruptions and attempts to disrupt operations of a bulk electric system cyber system, in addition to incidents that compromise or attempt to compromise electronic security perimeters, electronic access control or monitoring systems.  The revised standard also addresses the contents of cyber security incident reports, and how and when they must be filed and disseminated.

FERC news release | FERC staff presentation | NERC letter