Tighter cybersecurity for U.S. power grid
More stringent rules for cybersecurity compliance are approved by NERC
The North American Electric Reliability Corporation has approved a set of revised cyber-security standards for the North American bulk power system, according to a CSOonline report.
The revised Critical Infrastructure Protection reliability standards are comprised of approximately 40 'good housekeeping' requirements designed to lay a solid foundation of sound security practices. The revisions approved address concerns raised by the Federal Energy Regulatory Commission when it conditionally approved the standards currently in effect.
The standards "if properly implemented, will develop the capabilities needed to secure critical infrastructure from cyber security threats," NERC said. Entities that fail to comply can be fined up to $1 million per day per violation in the United States, with other enforcement provisions in place throughout much of Canada. Audits for compliance will begin on July 1.
NERC is an international self-regulatory authority for ensuring the reliability of the bulk electric power system in North America. It develops and enforces reliability standards, and under the Energy Policy Act of 2005, it has the power to fine violators for standards violations.
Recent news reports have claimed that some electric grid IT systems have been breached and software inserted into the systems, and the intrusions have been traced to computers in Russia and China. However, no details of the alleged breaches have been released, and NERC could not confirm the reports.
To read the full CSOonline report, click here.
Connect with the GCN staff on Twitter @GCNtech.