In the wake of recent high-profile incidents at utilities, including one last week in Kansas, the US Federal Energy Regulatory Commission (FERC) called for updating standards for supply chain safety to improve the resilience of the US bulk power system. Attacks targeting SolarWinds and MOVEit in recent years have spotlighted supply chain risks in cybersecurity.

At its September meeting, FERC asked the energy industry consortium North American Electric Reliability Corporation (NERC) to create a better supply chain security standard for power plants. The commission also directed NERC to add protected cyber assets (PCAs) to the systems subject to this supply chain scrutiny.

At that same meeting, FERC also addressed a new reliability standard for critical infrastructure protection that mandates monitoring of network traffic inside an electronic security perimeter. Internal network security monitoring (INSM) monitors communication between devices inside the "trust zone" of a network, providing a backstop for detecting malicious activity that slipped through the security perimeter. At the meeting, FERC "proposed to approve" Reliability Standard CIP-015-1, but asked NERC to extend INSM to systems outside of the electronic security perimeter, such as physical and electronic access control systems.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 30 Sep 2024 22:30:24 +0000