FERC Approves 3 New Supply Chain Cybersecurity Standards
The Federal Energy Regulatory Commission (FERC) released a final rule last week approving three new Critical Infrastructure Protection (CIP) standards addressing supply chain risk management for bulk electric systems.
The new standards require responsible entities (distribution providers, generator owners and operators, transmission owners and operators) to develop and implement security controls for industrial control system hardware, software and services. These new standards respond to supply chain risks, including the insertion of counterfeit or malicious software, unauthorized production, tampering and theft.