Electric utilities and other generation and transmission companies will be subject to new cybersecurity standards under a proposed rule issued by the Federal Energy Regulatory Commission (FERC). FERC proposed to approve the long - awaited Version 5 of the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) Reliability Standards, which will overhaul the CIP regulatory framework and trigger new and revised compliance obligations for many users, owners and operators of the bulk electric system. While Version 5 establishes “a more robust cyber security posture for the industry,” FERC seeks input on certain ambiguous aspects of Version 5. Industry participants should both start their internal compliance reviews with a view toward meeting the final, approved Version 5 and also consider submitting comments to FERC.

Background -

NERC is charged with developing Reliability Standards, enforceable upon FERC approval, to protect the reliability of the bulk electric system (BES), including the CIP Reliability Standards. NERC’s January 31, 2013, petition to FERC for approval of CIP Version 5 included 10 Reliability Standards containing 12 requirements with new cybersecurity controls, new and revised defined terms, violation risk factors and severity levels for assessing penalties for non - compliance, and an implementation plan.