This is an excerpt from EERE Network News, a weekly electronic newsletter.

January 30, 2008

FERC Boosts Power Grid Standards for Cyber Security

The Federal Energy Regulatory Commission (FERC) recently approved eight new reliability standards for protecting the U.S. power grid from cyber attacks. The new standards, developed by the North American Electric Reliability Corporation (NERC), include a broad range of cyber security measures, including training, physical security measures, electronic security measures, incident reporting, response planning, and recovery planning. The new standards address a critical reliability concern with the U.S. power grid, because all of the large power systems are monitored and controlled with sophisticated computer systems that could be vulnerable to attack via the internet.

While it approved the new standards, FERC also directed NERC to remove a caveat that allows for deviating from the standards based on "reasonable business judgment," instead requiring any deviations to be based on an assessment of technical feasibility. FERC also directed NERC to monitor an ongoing effort by the National Institute of Standards and Technology (NIST) to develop and implement new cyber security standards. NERC will have to see if any improvements to the new reliability standards can be gleaned from the NIST effort. See the FERC press release and official order (PDF 761 KB). Download Adobe Reader.

DOE is also involved in cyber security for the nation's power grid. In October 2007, DOE announced its selection of five cyber security projects to receive up to $7.9 million in federal funding. The five projects, to be carried out over two to three years, will examine vulnerabilities in current control systems and will develop new standards and systems for cyber security and monitoring. See the DOE press release.