Originally published in Law360, New York (May 24, 2012, 1:03 PM ET).

New criteria approved in April 2012 by the Federal Energy Regulatory Commission will impose cybersecurity standards on additional generating, transmission and other facilities critical to the bulk power system’s reliability.

But complying with these standards by the July 2014 effective date is only part of the challenge presented by FERC’s April 19, 2012, order approving Version 4 of the North American Electric Reliability Corp.’s (NERC) cybersecurity standards, known as the critical infrastructure protection (CIP) reliability standards.

Regulated entities must also prepare for the next version of the CIP standards, which FERC directed NERC to file by March 31, 2013, and the real possibility that Version 4 compliance efforts will be all for naught if the new cybersecurity standards are substantially revised before Version 4 ever goes into effect.