FERC Outlines Supply Chain Security Rules for Power Plants

Published: 23/11/2024   Category: security




The US Federal Energy Regulatory Commission spells out what electric utilities should do to protect their software supply chains, as well as their network trust zones.



Attacks targeting SolarWinds and MOVEit in recent years have spotlighted supply chain risks in cybersecurity. In the wake of recent high-profile incidents at utilities, including one last week in Kansas, the US Federal Energy Regulatory Commission (FERC) called for updating standards for supply chain safety to improve the resilience of the US bulk power system.
At its September meeting, FERC asked the energy industry consortium North American Electric Reliability Corporation (NERC) to create a better supply chain security standard for power plants. Such utilities would have to:
Identify supply chain risks to electrical grid-related cybersecurity systems at regular intervals.
Assess and validate the information vendors submit during procurement.
Document, track, and respond to those risks.
The commission also directed NERC to add protected cyber assets (PCAs) to the systems subject to this supply chain scrutiny.
At that same meeting, FERC also addressed a new reliability standard for critical infrastructure protection that mandates monitoring of network traffic inside an electronic security perimeter.
Internal network security monitoring (INSM) monitors communication between devices inside the trust zone of a network, providing a backstop for detecting malicious activity that slipped through the security perimeter. In addition to allowing an early warning about intrusions, this east-west visibility provides a more complete picture of the scope of an attack.
At the meeting, FERC proposed to approve Reliability Standard CIP-015-1 but asked NERC to extend INSM to systems outside of the electronic security perimeter, such as physical and electronic access control systems.
