FERC Outlines Supply Chain Security Rules for Power Plants

The US Federal Energy Regulatory Commission spells out what electric utilities should do to protect their software supply chains, as well as their network trust zones.

Attacks targeting SolarWinds and MOVEit in recent years have spotlighted supply chain risks in cybersecurity. In the wake of recent high-profile incidents at utilities, including one
last week in Kansas
, the US Federal Energy Regulatory Commission (FERC) called for updating standards for supply chain safety to improve the resilience of the US bulk power system.
At its
September meeting, FERC
asked the energy industry consortium North American Electric Reliability Corporation (NERC) to create a better supply chain security standard for power plants. Such utilities would have to:
Identify supply chain risks to electrical grid-related cybersecurity systems at regular intervals.
Assess and validate the information vendors submit during procurement.
Document, track, and respond to those risks.
The commission also directed NERC to add protected cyber assets (PCAs) to the systems subject to this supply chain scrutiny.
At that same meeting, FERC also addressed a new reliability standard for critical infrastructure protection that mandates monitoring of network traffic inside an electronic security perimeter.
Internal network security monitoring (INSM) monitors communication between devices inside the trust zone of a network, providing a backstop for detecting malicious activity that slipped through the security perimeter. In addition to allowing an early warning about intrusions, this
east-west visibility
provides a more complete picture of the scope of an attack.
At the meeting, FERC proposed to approve
Reliability Standard CIP-015-1
but
asked NERC
to extend INSM to systems outside of the electronic security perimeter, such as physical and electronic access control systems.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
FERC Outlines Supply Chain Security Rules for Power Plants