Supply Chain Risk Management Reliability Standards: FERC October 26th Issuance of Final Rule

Walter Wright Jr.
Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.

Download PDF

The Federal Energy Regulatory Commission (“FERC”) published an October 26th Federal Register notice approving supply chain risk management Reliability Standards:

  • CIP-013-1 (Cyber Security – (Supply Chain Risk Management)
  • CIP-005-6 (Cyber Security – (Electronic Security Perimeters)
  • CIP-010-3 (Cybersecurity – (Configuration Change Management Vulnerability Assessments)

See 83 Fed. Reg. 53992.

Section 215 of the Federal Power Act required an FERC-certified ERO to develop mandatory and enforceable Reliability Standards. However, such standards are subject to FERC approval. The Reliability Standards may be enforced by the ERO – pursuant to FERC oversight or by that governmental organization independently.

The North American Electric Reliability Corporation (“NERC”) had submitted supply chain risk management Reliability Standards for FERC approval. NERC submitted these standards in response to a directive issued by FERC in Order No. 829. See Revised Critical Infrastructure Protection Reliability Standards, Order No. 829.

FERC concludes in the October 26th notice that the supply chain risk management Reliability Standards are:

  • responsive to Order No. 829, and
  • improve the electric industry’s cybersecurity posture by requiring that entities mitigate certain cybersecurity risks associated with the supply chain for BES Cyber Systems.

FERC previously concluded that global supply chain provides significant benefits to customers such as:

  • low cost;
  • interoperability;
  • rapid innovation; and
  • a variety of product features and choice.

However, it further states that the global supply chain creates:

. . . opportunities for adversaries to directly or indirectly affect the management or operations of companies with potential risks to end users.

Such supply chain risks are stated to include:

  • insertion of counterfeit or malicious software;
  • unauthorized production;
  • tampering;
  • theft; and
  • poor manufacturing and development practices.

FERC concludes that the Reliability Standards largely address these supply chain cybersecurity risks as set out within the scope of Order No. 829.

A copy of the Federal Register notice can be found here.

Written by:

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide