FERC Proposes to Remove Risk-Based Assessment Methodologies from Reliability Standards Relating to Cyber Security


The current mandatory reliability standard governing electric system cyber security requires each responsible entity to identify which of its assets are “Critical Assets” that support the reliability of the bulk electric system. The entity must make this identification by applying its own “risk-based assessment methodology” (RBAM). Many entities have struggled with how to perform a risk-based assessment that would satisfy this reliability standard. FERC has now proposed to drop the amorphous RBAM concept in favor of bright-line criteria.

Much of the electric industry is dependent on digital information being transferred through electronic pathways to control generators and transmission operations. These “cyber” pathways could be subject to deliberate or non-deliberate disruptions, potentially causing serious interruptions on the nation’s electric grid. The protection of cyber communications has been a matter of increasing concern within the electric industry.

The existing cyber security reliability standard was drafted by the North American Electric Reliability Corporation (NERC) and approved by the Federal Energy Regulatory Commission (FERC). NERC enforces mandatory electric reliability standards, which carry substantial monetary penalties for violations, for all entities that own or operate parts of the nation’s bulk electric system. A group of these standards address cyber security for “Critical Cyber Assets” and are designated as CIP-002 through CIP-009. Under this framework, the CIP-002 standard outlines the method for identifying Critical Cyber Assets, and the rest detail the requirements for protecting such assets. Such protection measures include security management controls, electronic security perimeters, physical security, incident reporting, and recovery plans.


Written by: Davis Wright Tremaine LLP
