Supply Chain Risk Management Reliability Standards: FERC October 26th Issuance of Final Rule

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.

The Federal Energy Regulatory Commission (“FERC”) published an October 26th Federal Register notice approving supply chain risk management Reliability Standards:

  • CIP-013-1 (Cyber Security – Supply Chain Risk Management)
  • CIP-005-6 (Cyber Security – Electronic Security Perimeters)
  • CIP-010-3 (Cybersecurity – Configuration Change Management Vulnerability Assessments)

See 83 Fed. Reg. 53992.

Section 215 of the Federal Power Act required a FERC-certified Electric Reliability Organization (“ERO”) to develop mandatory and enforceable Reliability Standards. However, such standards are subject to FERC approval. The Reliability Standards may be enforced by the ERO, subject to FERC oversight, or by FERC independently.

The North American Electric Reliability Corporation (“NERC”) had submitted supply chain risk management Reliability Standards for FERC approval. NERC submitted these standards in response to a directive issued by FERC in Order No. 829. See Revised Critical Infrastructure Protection Reliability Standards, Order No. 829.

FERC concludes in the October 26th notice that the supply chain risk management Reliability Standards:

  • are responsive to Order No. 829, and
  • improve the electric industry’s cybersecurity posture by requiring that entities mitigate certain cybersecurity risks associated with the supply chain for BES Cyber Systems.

FERC previously concluded that the global supply chain provides significant benefits to customers, such as:

  • low cost;
  • interoperability;
  • rapid innovation; and
  • a variety of product features and choice.

However, it further states that the global supply chain creates:

. . . opportunities for adversaries to directly or indirectly affect the management or operations of companies with potential risks to end users.

Such supply chain risks are stated to include:

  • insertion of counterfeit or malicious software;
  • unauthorized production;
  • tampering;
  • theft; and
  • poor manufacturing and development practices.

FERC concludes that the Reliability Standards largely address these supply chain cybersecurity risks as set out within the scope of Order No. 829.

A copy of the Federal Register notice can be found here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
